Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/937455?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "type": "deb", "namespace": "debian", "name": "rails", "version": "2:6.0.3.7+dfsg-2+deb11u2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:6.0.3.7+dfsg-2+deb11u3", "latest_non_vulnerable_version": "2:7.2.3.1+dfsg-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25006?format=api", "vulnerability_id": "VCID-4tzv-1t1b-t3g3", "summary": "Rails Active Support has a possible ReDoS vulnerability in number_to_delimited\n### Impact\n`NumberToDelimitedConverter` used a regular expression with `gsub!` to insert thousands delimiters. This could produce quadratic time complexity on long digit strings.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04803", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04855", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04874", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04894", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04912", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04895", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04858", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.0484", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04814", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33169" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11" }, { "reference_url": "https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974" }, { "reference_url": "https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33169", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33169" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450556", "reference_id": "2450556", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450556" }, { "reference_url": "https://github.com/advisories/GHSA-cg4j-q9v8-6v38", "reference_id": "GHSA-cg4j-q9v8-6v38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cg4j-q9v8-6v38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33169", "GHSA-cg4j-q9v8-6v38" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tzv-1t1b-t3g3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22824?format=api", "vulnerability_id": "VCID-5tky-d2en-u7c7", "summary": "Rails Active Support has a possible XSS vulnerability in SafeBuffer#%\n### Impact\n`SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02157", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.022", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02204", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02199", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02201", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02222", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02183", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02179", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33170" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7" }, { "reference_url": "https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db" }, { "reference_url": "https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33170" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450543", "reference_id": "2450543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450543" }, { "reference_url": "https://github.com/advisories/GHSA-89vf-4333-qx8v", "reference_id": "GHSA-89vf-4333-qx8v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-89vf-4333-qx8v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33170", "GHSA-89vf-4333-qx8v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5tky-d2en-u7c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24334?format=api", "vulnerability_id": "VCID-96qr-hdbp-p7ff", "summary": "Rails has a possible XSS vulnerability in its Action View tag helpers\n### Impact\nWhen a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that allow users to specify custom HTML attributes are affected.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06199", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06241", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06185", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06203", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06172", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c" }, { "reference_url": "https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d" }, { "reference_url": "https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33168", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33168" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450549", "reference_id": "2450549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450549" }, { "reference_url": "https://github.com/advisories/GHSA-v55j-83pf-r9cq", "reference_id": "GHSA-v55j-83pf-r9cq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v55j-83pf-r9cq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33168", "GHSA-v55j-83pf-r9cq" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96qr-hdbp-p7ff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24618?format=api", "vulnerability_id": "VCID-a6z9-5n6k-2kak", "summary": "Rails Active Storage has possible content type bypass via metadata in direct uploads\n### Impact\nActive Storage's `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like `identified` and `analyzed` are stored in the same metadata hash, a malicious direct-upload client could set these flags.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33173", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02269", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02285", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02303", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02297", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02296", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.0229", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33173" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33173", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33173" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53" }, { "reference_url": "https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e" }, { "reference_url": "https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33173", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33173" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450545", "reference_id": "2450545", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450545" }, { "reference_url": "https://github.com/advisories/GHSA-qcfx-2mfw-w4cg", "reference_id": "GHSA-qcfx-2mfw-w4cg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qcfx-2mfw-w4cg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33173", "GHSA-qcfx-2mfw-w4cg" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6z9-5n6k-2kak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24796?format=api", "vulnerability_id": "VCID-ad6q-vtdf-syb6", "summary": "Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests\n### Impact\nActive Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15472", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15546", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15609", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15644", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15534", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1562", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15731", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15667", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33658" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33658", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451983", "reference_id": "2451983", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451983" }, { "reference_url": "https://github.com/advisories/GHSA-p9fm-f462-ggrg", "reference_id": "GHSA-p9fm-f462-ggrg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9fm-f462-ggrg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33658", "GHSA-p9fm-f462-ggrg" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-vtdf-syb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23711?format=api", "vulnerability_id": "VCID-hatd-vkun-13hj", "summary": "Rails Active Storage has possible glob injection in its DiskService\n### Impact\nActive Storage's `DiskService#delete_prefixed` passes blob keys directly to `Dir.glob` without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage directory.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33202", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07124", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07197", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07208", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0718", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07102", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33202" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33202" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c" }, { "reference_url": "https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf" }, { "reference_url": "https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33202", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450547", "reference_id": "2450547", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450547" }, { "reference_url": "https://github.com/advisories/GHSA-73f9-jhhh-hr5m", "reference_id": "GHSA-73f9-jhhh-hr5m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73f9-jhhh-hr5m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33202", "GHSA-73f9-jhhh-hr5m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hatd-vkun-13hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53902?format=api", "vulnerability_id": "VCID-n8r7-wthv-fqaj", "summary": "Active Record RCE bug with Serialized Columns\nWhen serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.\n\nThere are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83096", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83009", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83023", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.8302", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83045", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83052", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83068", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83062", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01864", "scoring_system": "epss", "scoring_elements": "0.83057", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32224" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://github.com/advisories/GHSA-3hhc-qp5v-9p2j" }, { "reference_url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a" }, { "reference_url": "https://github.com/rails/rails/commits/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commits/main/activerecord" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32224" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140", "reference_id": "1016140", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997", "reference_id": "2108997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2108997" }, { "reference_url": "https://security.gentoo.org/glsa/202408-24", "reference_id": "GLSA-202408-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202408-24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0261", "reference_id": "RHSA-2023:0261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1151", "reference_id": "RHSA-2023:1151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937491?format=api", "purl": "pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-32224", "GHSA-3hhc-qp5v-9p2j", "GMS-2022-3029" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8r7-wthv-fqaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23346?format=api", "vulnerability_id": "VCID-qxe4-dubt-1kfp", "summary": "Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests\n### Impact\nWhen serving files through Active Storage's `Blobs::ProxyController`, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05654", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05705", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05733", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05668", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05638", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33174" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5" }, { "reference_url": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a" }, { "reference_url": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33174", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33174" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450544", "reference_id": "2450544", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450544" }, { "reference_url": "https://github.com/advisories/GHSA-r46p-8f7g-vvvg", "reference_id": "GHSA-r46p-8f7g-vvvg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r46p-8f7g-vvvg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33174", "GHSA-r46p-8f7g-vvvg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxe4-dubt-1kfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24931?format=api", "vulnerability_id": "VCID-sarm-n22v-akcm", "summary": "Rails Active Support has a possible DoS vulnerability in its number helpers\n### Impact\nActive Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05654", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05705", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05733", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05668", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05638", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb" }, { "reference_url": "https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a" }, { "reference_url": "https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33176", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450551", "reference_id": "2450551", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450551" }, { "reference_url": "https://github.com/advisories/GHSA-2j26-frm8-cmj9", "reference_id": "GHSA-2j26-frm8-cmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j26-frm8-cmj9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33176", "GHSA-2j26-frm8-cmj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sarm-n22v-akcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25149?format=api", "vulnerability_id": "VCID-wpmk-wgpm-cuee", "summary": "Rails Active Storage has possible Path Traversal in DiskService\n### Impact\nActive Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33195", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09398", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09504", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09521", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.0955", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09536", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09489", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09454", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33195" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33195", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33195" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c" }, { "reference_url": "https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655" }, { "reference_url": "https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.2.3.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v7.2.3.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.0.4.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33195", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33195" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035", "reference_id": "1132035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450546", "reference_id": "2450546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450546" }, { "reference_url": "https://github.com/advisories/GHSA-9xrj-h377-fr87", "reference_id": "GHSA-9xrj-h377-fr87", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xrj-h377-fr87" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33195", "GHSA-9xrj-h377-fr87" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpmk-wgpm-cuee" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42224?format=api", "vulnerability_id": "VCID-12x8-jxdf-jqdz", "summary": "Actionpack Open Redirect Vulnerability\nThe Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22881", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94619", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94665", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94656", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94648", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94644", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94634", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94632", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15453", "scoring_system": "epss", "scoring_elements": "0.94626", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22881" }, { "reference_url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md" }, { "reference_url": "https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E" }, { "reference_url": "https://hackerone.com/reports/1047447", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1047447" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22881", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22881" }, { "reference_url": "https://rubygems.org/gems/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/actionpack" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/05/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/05/05/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/14/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930211", "reference_id": "1930211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930211" }, { "reference_url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/", "reference_id": "CVE-2021-22881-FAILLE-DE-SECURITE-DANS-LE-MIDDLEWARE-HOSTAUTHORIZATION", "reference_type": "", "scores": [], "url": "https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/" }, { "reference_url": "https://github.com/advisories/GHSA-8877-prq4-9xfw", "reference_id": "GHSA-8877-prq4-9xfw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8877-prq4-9xfw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937485?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22881", "GHSA-8877-prq4-9xfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12x8-jxdf-jqdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17833?format=api", "vulnerability_id": "VCID-19fr-55kr-hyax", "summary": "rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements\nNOTE: rails-ujs is part of Rails/actionview since 5.1.0.\n\nThere is a potential DOM based cross-site scripting issue in rails-ujs\nwhich leverages the Clipboard API to target HTML elements that are\nassigned the contenteditable attribute. This has the potential to\noccur when pasting malicious HTML content from the clipboard that\nincludes a data-method, data-remote or data-disable-with attribute.\n\nThis vulnerability has been assigned the CVE identifier CVE-2023-23913.\n\nNot affected: < 5.1.0\nVersions Affected: >= 5.1.0\nFixed Versions: 6.1.7.3, 7.0.4.3\n\nImpact\nIf the specified malicious HTML clipboard content is provided to a\ncontenteditable element, this could result in the arbitrary execution\nof javascript on the origin in question.\n\nReleases\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\nWe recommend that all users upgrade to one of the FIXED versions.\nIn the meantime, users can attempt to mitigate this vulnerability\nby removing the contenteditable attribute from elements in pages\nthat rails-ujs will interact with.\n\nPatches\nTo aid users who aren’t able to upgrade immediately we have provided\npatches for the two supported release series. They are in git-am\nformat and consist of a single changeset.\n\n* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series\n* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series\n\nPlease note that only the 7.0.Z and 6.1.Z series are\nsupported at present, and 6.0.Z for severe vulnerabilities.\n\nUsers of earlier unsupported releases are advised to upgrade as\nsoon as possible as we cannot guarantee the continued availability\nof security fixes for unsupported releases.\n\nCredits\nWe would like to thank ryotak 15 for reporting this!\n\n* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)\n* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)\n* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30226", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30269", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30265", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.3017", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.30304", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35918", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23913" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd" }, { "reference_url": "https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0007" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160", "reference_id": "2182160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182160" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23913", "reference_id": "CVE-2023-23913", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23913" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml", "reference_id": "CVE-2023-23913.YML", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xp5h-f8jf-rc8q", "reference_id": "GHSA-xp5h-f8jf-rc8q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xp5h-f8jf-rc8q" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240605-0007/", "reference_id": "ntap-20240605-0007", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240605-0007/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-23913", "GHSA-xp5h-f8jf-rc8q" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19fr-55kr-hyax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11124?format=api", "vulnerability_id": "VCID-1bxs-yghe-cyck", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67302", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67412", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67413", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67378", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.6739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67361", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.6", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c" }, { "reference_url": "https://rubygems.org/gems/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubygems.org/gems/actionpack" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240202-0005/" }, { "reference_url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/14/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/14/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995940", "reference_id": "1995940", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995940" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586", "reference_id": "992586", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586" }, { "reference_url": "https://security.archlinux.org/AVG-2492", "reference_id": "AVG-2492", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2492" }, { "reference_url": "https://security.archlinux.org/AVG-2493", "reference_id": "AVG-2493", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2493" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-22942", "reference_id": "CVE-2021-22942", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-22942" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22942", "reference_id": "CVE-2021-22942", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22942" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml", "reference_id": "CVE-2021-22942.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml" }, { "reference_url": "https://github.com/advisories/GHSA-2rqw-v265-jf8c", "reference_id": "GHSA-2rqw-v265-jf8c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2rqw-v265-jf8c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937487?format=api", "purl": "pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.1%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22942", "GHSA-2rqw-v265-jf8c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxs-yghe-cyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6720?format=api", "vulnerability_id": "VCID-1rgy-k7a9-m7au", "summary": "XSS via posted select tag options\nRuby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60713", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60541", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60616", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60645", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60665", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.6068", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60705", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60691", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.60671", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1099" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099" }, { "reference_url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2xjj-5x6h-8vmf" }, { "reference_url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1099" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2466", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2466" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937469?format=api", "purl": "pkg:deb/debian/rails@2.3.14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1099", "GHSA-2xjj-5x6h-8vmf", "OSV-79727" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16802?format=api", "vulnerability_id": "VCID-1rxp-g9rz-4yb3", "summary": "Possible XSS Security Vulnerability in SafeBuffer#bytesplice\nThere is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.\nThis vulnerability has been assigned the CVE identifier CVE-2023-28120.\n\nVersions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3\n\n# Impact\n\nActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.\nWhen these strings are mutated, the tag is should be removed to mark them as no longer being html_safe.\n\nRuby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation.\nUsers on older versions of Ruby are likely unaffected.\n\nAll users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.\n\n# Workarounds\n\nAvoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60411", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6037", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60389", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60382", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60403", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60366", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60349", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60323", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5389", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5389" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262", "reference_id": "1033262", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637", "reference_id": "2179637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179637" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120", "reference_id": "CVE-2023-28120", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28120" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml", "reference_id": "CVE-2023-28120.YML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml" }, { "reference_url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j", "reference_id": "GHSA-pj73-v5mw-pm9j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pj73-v5mw-pm9j" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0006/", "reference_id": "ntap-20240202-0006", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1953", "reference_id": "RHSA-2023:1953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3495", "reference_id": "RHSA-2023:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3495" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/", "reference_id": "UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/", "reference_id": "ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-28120", "GHSA-pj73-v5mw-pm9j", "GMS-2023-765" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rxp-g9rz-4yb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11789?format=api", "vulnerability_id": "VCID-1x8k-t8mr-3fgp", "summary": "URL Redirection to Untrusted Site ('Open Redirect')\nA open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a \"X-Forwarded-Host\" headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96188", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.9618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96175", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96171", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.9615", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96142", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.25125", "scoring_system": "epss", "scoring_elements": "0.96158", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021" }, { "reference_url": "https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815" }, { "reference_url": "https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240208-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240208-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240208-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240208-0003/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817", "reference_id": "1001817", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034266", "reference_id": "2034266", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034266" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44528", "reference_id": "CVE-2021-44528", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44528" }, { "reference_url": "https://github.com/advisories/GHSA-qphc-hf5q-v8fc", "reference_id": "GHSA-qphc-hf5q-v8fc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qphc-hf5q-v8fc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937489?format=api", "purl": "pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-44528", "GHSA-qphc-hf5q-v8fc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1x8k-t8mr-3fgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33586?format=api", "vulnerability_id": "VCID-1xgz-hwng-n3eq", "summary": "Untrusted users can run pending migrations in production in Rails\nThere is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.\n\nThis vulnerability has been assigned the CVE identifier CVE-2020-8185.\n\nVersions Affected: 6.0.0 < rails < 6.0.3.2\nNot affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)\nFixed Versions: rails >= 6.0.3.2\n\nImpact\n------\n\nUsing this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:\n\n`config.middleware.delete ActionDispatch::ActionableExceptions`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71592", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71509", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71515", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71532", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71505", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71557", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.7158", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71564", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00679", "scoring_system": "epss", "scoring_elements": "0.71546", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8185" }, { "reference_url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0" }, { "reference_url": "https://hackerone.com/reports/899069", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/899069" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8185" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380", "reference_id": "1852380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081", "reference_id": "964081", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081" }, { "reference_url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc", "reference_id": "GHSA-c6qr-h5vq-59jc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6qr-h5vq-59jc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8185", "GHSA-c6qr-h5vq-59jc" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1xgz-hwng-n3eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6996?format=api", "vulnerability_id": "VCID-2efj-tf8d-dfck", "summary": "Strong Parameter bypass with create_with\nThe `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/08/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/08/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1102.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56096", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56086", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.5609", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56101", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56078", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56061", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.55925", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56036", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56057", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514" }, { "reference_url": "http://secunia.com/advisories/60347", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60347" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3514" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240", "reference_id": "1131240", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131240" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm", "reference_id": "GHSA-9rf5-jm6f-2fmm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9rf5-jm6f-2fmm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1102", "reference_id": "RHSA-2014:1102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1102" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937472?format=api", "purl": "pkg:deb/debian/rails@2:4.1.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3514", "GHSA-9rf5-jm6f-2fmm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2efj-tf8d-dfck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8396?format=api", "vulnerability_id": "VCID-2mcx-b9k2-83bh", "summary": "Ruby on Rails vulnerable to code injection\nRuby on Rails before 1.1.5 allows remote attackers to execute Ruby code with \"severe\" or \"serious\" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.", "references": [ { "reference_url": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.8842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88406", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88414", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88403", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88397", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88378", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88373", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.8835", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03984", "scoring_system": "epss", "scoring_elements": "0.88359", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111" }, { "reference_url": "https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454" }, { "reference_url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673" }, { "reference_url": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits" }, { "reference_url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255", "reference_id": "382255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4111", "reference_id": "CVE-2006-4111", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4111" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml", "reference_id": "CVE-2006-4111.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml" }, { "reference_url": "https://github.com/advisories/GHSA-rvpq-5xqx-pfpp", "reference_id": "GHSA-rvpq-5xqx-pfpp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvpq-5xqx-pfpp" }, { "reference_url": "https://security.gentoo.org/glsa/200608-20", "reference_id": "GLSA-200608-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200608-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937454?format=api", "purl": "pkg:deb/debian/rails@1.1.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-4111", "GHSA-rvpq-5xqx-pfpp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2mcx-b9k2-83bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32714?format=api", "vulnerability_id": "VCID-31xv-z8c6-a7bg", "summary": "XSS in Action View\nThere is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.\n\n### Impact\n\nWhen an HTML-unsafe string is passed as the default for a missing translation key [named `html` or ending in `_html`](https://guides.rubyonrails.org/i18n.html#using-safe-html-translations), the default string is incorrectly marked as HTML-safe and not escaped. Vulnerable code may look like the following examples:\n\n```erb\n<%# The welcome_html translation is not defined for the current locale: %>\n<%= t(\"welcome_html\", default: untrusted_user_controlled_string) %>\n\n<%# Neither the title.html translation nor the missing.html translation is defined for the current locale: %>\n<%= t(\"title.html\", default: [:\"missing.html\", untrusted_user_controlled_string]) %>\n```\n\n### Patches\n\nPatched Rails versions, 6.0.3.3 and 5.2.4.4, are available from the normal locations.\n\nThe patches have also been applied to the `master`, `6-0-stable`, and `5-2-stable` branches on GitHub. If you track any of these branches, you should update to the latest.\n\nTo aid users who aren’t able to upgrade immediately, we’ve provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* [5-2-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-5-2-translate-helper-xss-patch) — patch for the 5.2 release series\n* [6-0-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-6-0-translate-helper-xss-patch) — patch for the 6.0 release series\n\nPlease note that only the 5.2 and 6.0 release series are currently supported. Users of earlier, unsupported releases are advised to update as soon as possible, as we cannot provide security fixes for unsupported releases.\n\n### Workarounds\n\nImpacted users who can’t upgrade to a patched Rails version can avoid this issue by manually escaping default translations with the `html_escape` helper (aliased as `h`):\n\n```erb\n<%= t(\"welcome_html\", default: h(untrusted_user_controlled_string)) %>\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81153", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81123", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81136", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81118", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81112", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81061", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81052", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15169" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877566", "reference_id": "1877566", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1877566" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040", "reference_id": "970040", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040" }, { "reference_url": "https://github.com/advisories/GHSA-cfjv-5498-mph5", "reference_id": "GHSA-cfjv-5498-mph5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cfjv-5498-mph5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937480?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-15169", "GHSA-cfjv-5498-mph5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31xv-z8c6-a7bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7034?format=api", "vulnerability_id": "VCID-333w-aacz-mfcr", "summary": "Arbitrary file existence disclosure\nSpecially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50169", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50126", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50104", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50158", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50183", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50139", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50091", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50142", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829" }, { "reference_url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h56m-vwxc-3qpw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7829" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183" }, { "reference_url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/" }, { "reference_url": "http://www.securityfocus.com/bid/71183", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/71183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659", "reference_id": "1164659", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1164659" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937473?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7829", "GHSA-h56m-vwxc-3qpw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-333w-aacz-mfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12484?format=api", "vulnerability_id": "VCID-3hur-esmy-x3hr", "summary": "Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text\nThere is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888.\n\nImpact\n------\n\nCarefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2\n\nCredits\n-------\n\nThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66721", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6673", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.6671", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66646", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00517", "scoring_system": "epss", "scoring_elements": "0.66672", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47888" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319035", "reference_id": "2319035", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319035" }, { "reference_url": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468", "reference_id": "4f4312b21a6448336de7c7ab0c4d94b378def468", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468" }, { "reference_url": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822", "reference_id": "727b0946c3cab04b825c039435eac963d4e91822", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822" }, { "reference_url": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e", "reference_id": "ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47888", "reference_id": "CVE-2024-47888", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47888" }, { "reference_url": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5", "reference_id": "de0df7caebd9cb238a6f10dca462dc5f8d5e98b5", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/" } ], "url": "https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5" }, { "reference_url": "https://github.com/advisories/GHSA-wwhv-wxv9-rpgw", "reference_id": "GHSA-wwhv-wxv9-rpgw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwhv-wxv9-rpgw" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47888", "GHSA-wwhv-wxv9-rpgw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3hur-esmy-x3hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6976?format=api", "vulnerability_id": "VCID-3m2y-wy1w-n7h1", "summary": "SQL Injection Vulnerabilities Affecting PostgreSQL\nSQLi vulnerability in activerecord.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0877.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79355", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79309", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79295", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79321", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.7933", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79354", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79339", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79328", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0125", "scoring_system": "epss", "scoring_elements": "0.79286", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3483" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "http://secunia.com/advisories/59971", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59971" }, { "reference_url": "http://secunia.com/advisories/60214", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60214" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3483" }, { "reference_url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "http://www.securityfocus.com/bid/68341", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68341" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427", "reference_id": "1114427", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114427" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq", "reference_id": "GHSA-r8fh-hq2p-7qhq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8fh-hq2p-7qhq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0877", "reference_id": "RHSA-2014:0877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0877" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937471?format=api", "purl": "pkg:deb/debian/rails@2:4.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3483", "GHSA-r8fh-hq2p-7qhq", "OSV-108665" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3m2y-wy1w-n7h1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6903?format=api", "vulnerability_id": "VCID-3wtf-uu89-2qe5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/8" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75477", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75378", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75415", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75394", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00885", "scoring_system": "epss", "scoring_elements": "0.75435", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4" }, { "reference_url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782" }, { "reference_url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647" }, { "reference_url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520", "reference_id": "1065520", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065520" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081", "reference_id": "CVE-2014-0081", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0081" }, { "reference_url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83", "reference_id": "GHSA-m46p-ggm5-5j83", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m46p-ggm5-5j83" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0081", "GHSA-m46p-ggm5-5j83", "OSV-103439" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3wtf-uu89-2qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8400?format=api", "vulnerability_id": "VCID-3zdr-vasc-a7cn", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.", "references": [ { "reference_url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81937", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81848", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.8187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81866", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81907", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81902", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3009" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/36717", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/36717" }, { "reference_url": "http://securitytracker.com/id?1022824", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1022824" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2009/dsa-1887" }, { "reference_url": "http://www.osvdb.org/57666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.osvdb.org/57666" }, { "reference_url": "http://www.securityfocus.com/bid/36278", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/36278" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843", "reference_id": "520843", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520843" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009", "reference_id": "CVE-2009-3009", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3009" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml", "reference_id": "CVE-2009-3009.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf", "reference_id": "GHSA-8qrh-h9m2-5fvf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937464?format=api", "purl": "pkg:deb/debian/rails@2.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-3009", "GHSA-8qrh-h9m2-5fvf", "OSV-57666" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zdr-vasc-a7cn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8409?format=api", "vulnerability_id": "VCID-43f3-rxwm-fkgv", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a \"UTF-8 escaping vulnerability.\"", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74293", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74256", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.7424", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74214", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74282", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.7426", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74213", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2932" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731435" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932" }, { "reference_url": "http://secunia.com/advisories/45917", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45917" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2932", "reference_id": "CVE-2011-2932", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2932" }, { "reference_url": "https://github.com/advisories/GHSA-9fh3-vh3h-q4g3", "reference_id": "GHSA-9fh3-vh3h-q4g3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9fh3-vh3h-q4g3" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937469?format=api", "purl": "pkg:deb/debian/rails@2.3.14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2932", "GHSA-9fh3-vh3h-q4g3" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-43f3-rxwm-fkgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8439?format=api", "vulnerability_id": "VCID-49pq-vg95-jkh2", "summary": "Cross-Site Request Forgery (CSRF)\nRuby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage \"combinations of browser plugins and HTTP redirects,\" a related issue to CVE-2011-0696.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76907", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76879", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76868", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76837", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76857", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76822", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76922", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.7688", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76886", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00991", "scoring_system": "epss", "scoring_elements": "0.76828", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0447" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034" }, { "reference_url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025060", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025060" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447", "reference_id": "CVE-2011-0447", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0447" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml", "reference_id": "CVE-2011-0447.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml" }, { "reference_url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8", "reference_id": "GHSA-24fg-p96v-hxh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-24fg-p96v-hxh8" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937468?format=api", "purl": "pkg:deb/debian/rails@2.3.11-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.11-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0447", "GHSA-24fg-p96v-hxh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-49pq-vg95-jkh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8403?format=api", "vulnerability_id": "VCID-4cky-r218-dkbb", "summary": "activerecord vulnerable to SQL Injection\nMultiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76366", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76467", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76399", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76427", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76414", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76381", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2930" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930", "reference_id": "CVE-2011-2930", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2930" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml", "reference_id": "CVE-2011-2930.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78", "reference_id": "GHSA-h6w6-xmqv-7q78", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6w6-xmqv-7q78" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937469?format=api", "purl": "pkg:deb/debian/rails@2.3.14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2930", "GHSA-h6w6-xmqv-7q78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cky-r218-dkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6800?format=api", "vulnerability_id": "VCID-4epw-vk25-mfdw", "summary": "XSS vulnerability in sanitize_css in Action Pack\nCarefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0698", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0698" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1855" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67499", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67385", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67421", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67487", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.6751", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67497", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00536", "scoring_system": "epss", "scoring_elements": "0.67463", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1855" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921331" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1855" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg", "reference_id": "GHSA-q759-hwvc-m3jg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q759-hwvc-m3jg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1855", "GHSA-q759-hwvc-m3jg", "OSV-91452" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4epw-vk25-mfdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6797?format=api", "vulnerability_id": "VCID-4he5-y1u4-gkd2", "summary": "XSS Vulnerability in the `sanitize` helper\nThe `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0698.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70179", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70163", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70116", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70123", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70217", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70175", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70187", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70202", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1857" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1857" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335", "reference_id": "921335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921335" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2", "reference_id": "GHSA-j838-vfpq-fmf2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j838-vfpq-fmf2" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1857", "GHSA-j838-vfpq-fmf2", "OSV-91454" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4he5-y1u4-gkd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8468?format=api", "vulnerability_id": "VCID-4zhj-en7h-3yaz", "summary": "Improper Authentication\nThe example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60909", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60779", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6094", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60898", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60917", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60844", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.6088", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00403", "scoring_system": "epss", "scoring_elements": "0.60852", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422" }, { "reference_url": "http://secunia.com/advisories/35702", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/35702" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51528", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51528" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702" }, { "reference_url": "https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579" }, { "reference_url": "http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest" }, { "reference_url": "http://www.securityfocus.com/bid/35579", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/35579" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/1802", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/1802" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=509564", "reference_id": "509564", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509564" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896", "reference_id": "535896", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2422", "reference_id": "CVE-2009-2422", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2422" }, { "reference_url": "https://github.com/advisories/GHSA-rxq3-gm4p-5fj4", "reference_id": "GHSA-rxq3-gm4p-5fj4", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxq3-gm4p-5fj4" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937465?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-2422", "GHSA-rxq3-gm4p-5fj4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zhj-en7h-3yaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15397?format=api", "vulnerability_id": "VCID-5bh7-drnb-7ygg", "summary": "Rails has possible XSS Vulnerability in Action Controller\n# Possible XSS Vulnerability in Action Controller\n\nThere is a possible XSS vulnerability when using the translation helpers\n(`translate`, `t`, etc) in Action Controller. This vulnerability has been\nassigned the CVE identifier CVE-2024-26143.\n\nVersions Affected: >= 7.0.0.\nNot affected: < 7.0.0\nFixed Versions: 7.1.3.1, 7.0.8.1\n\nImpact\n------\nApplications using translation methods like `translate`, or `t` on a\ncontroller, with a key ending in \"_html\", a `:default` key which contains\nuntrusted user input, and the resulting string is used in a view, may be\nsusceptible to an XSS vulnerability.\n\nFor example, impacted code will look something like this:\n\n```ruby\nclass ArticlesController < ApplicationController\n def show \n @message = t(\"message_html\", default: untrusted_input)\n # The `show` template displays the contents of `@message`\n end\nend\n```\n\nTo reiterate the pre-conditions, applications must:\n\n* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from\n a view)\n* Use a key that ends in `_html`\n* Use a default value where the default value is untrusted and unescaped input\n* Send the text to the victim (whether that's part of a template, or a\n `render` call)\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 7-0-translate-xss.patch - Patch for 7.0 series\n* 7-1-translate-xss.patch - Patch for 7.1 series\n\nCredits\n-------\n\nThanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83957", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83933", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83937", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83944", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83927", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83921", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83898", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.83896", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02067", "scoring_system": "epss", "scoring_elements": "0.8388", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26143" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc" }, { "reference_url": "https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26143", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26143" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266388", "reference_id": "2266388", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266388" }, { "reference_url": "https://github.com/advisories/GHSA-9822-6m93-xqf4", "reference_id": "GHSA-9822-6m93-xqf4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9822-6m93-xqf4" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0004/", "reference_id": "ntap-20240510-0004", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0004/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-26143", "GHSA-9822-6m93-xqf4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bh7-drnb-7ygg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6871?format=api", "vulnerability_id": "VCID-5hqj-fxmk-cbcy", "summary": "XSS Vulnerability in number_to_currency\nThe number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81208", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81107", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81138", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81165", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81172", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81191", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01506", "scoring_system": "epss", "scoring_elements": "0.81171", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/402", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/402" }, { "reference_url": "https://github.com/advisories/GHSA-6h5q-96hp-9jgm", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6h5q-96hp-9jgm" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6415" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6415", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6415" }, { "reference_url": "https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036910", "reference_id": "1036910", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6415", "GHSA-6h5q-96hp-9jgm", "OSV-100524" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hqj-fxmk-cbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42113?format=api", "vulnerability_id": "VCID-5qu2-b8gt-7qe3", "summary": "Active Record subject to Regular Expression Denial-of-Service (ReDoS)\nThe PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85168", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85229", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85221", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85199", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85179", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85631", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85616", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85612", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02599", "scoring_system": "epss", "scoring_elements": "0.85608", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI" }, { "reference_url": "https://hackerone.com/reports/1023899", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1023899" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22880" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4929", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930102", "reference_id": "1930102", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930102" }, { "reference_url": "https://github.com/advisories/GHSA-8hc4-xxm3-5ppp", "reference_id": "GHSA-8hc4-xxm3-5ppp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8hc4-xxm3-5ppp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937485?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.5%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22880", "GHSA-8hc4-xxm3-5ppp" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qu2-b8gt-7qe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10092?format=api", "vulnerability_id": "VCID-5x54-hckg-x7b8", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nA bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49443", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49345", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49372", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49354", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49408", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49422", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49397", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16477" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477" }, { "reference_url": "https://github.com/advisories/GHSA-7rr7-rcjw-56vj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7rr7-rcjw-56vj" }, { "reference_url": "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848", "reference_id": "914848", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16477", "reference_id": "CVE-2018-16477", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16477" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937478?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16477", "GHSA-7rr7-rcjw-56vj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5x54-hckg-x7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16106?format=api", "vulnerability_id": "VCID-63gy-6njy-kbd8", "summary": "ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85729", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85707", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85715", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85701", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85689", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85646", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.8567", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02639", "scoring_system": "epss", "scoring_elements": "0.85663", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800", "reference_id": "2164800", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164800" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792", "reference_id": "CVE-2023-22792", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22792" }, { "reference_url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj", "reference_id": "GHSA-p84v-45xj-wwqj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p84v-45xj-wwqj" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0007/", "reference_id": "ntap-20240202-0007", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-22792", "GHSA-p84v-45xj-wwqj", "GMS-2023-58" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-63gy-6njy-kbd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15665?format=api", "vulnerability_id": "VCID-65tq-e5eb-eucj", "summary": "Rails has possible Sensitive Session Information Leak in Active Storage\n# Possible Sensitive Session Information Leak in Active Storage\n\nThere is a possible sensitive session information leak in Active Storage. By\ndefault, Active Storage sends a `Set-Cookie` header along with the user's\nsession cookie when serving blobs. It also sets `Cache-Control` to public.\nCertain proxies may cache the Set-Cookie, leading to an information leak.\n\nThis vulnerability has been assigned the CVE identifier CVE-2024-26144.\n\nVersions Affected: >= 5.2.0, < 7.1.0\nNot affected: < 5.2.0, > 7.1.0\nFixed Versions: 7.0.8.1, 6.1.7.7\n\nImpact\n------\nA proxy which chooses to caches this request can cause users to share\nsessions. This may include a user receiving an attacker's session or vice\nversa.\n\nThis was patched in 7.1.0 but not previously identified as a security\nvulnerability.\n\nAll users running an affected release should either upgrade or use one of the\nworkarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUpgrade to Rails 7.1.X, or configure caching proxies not to cache the\nSet-Cookie headers.\n\nCredits\n-------\n\nThanks to [tyage](https://hackerone.com/tyage) for reporting this!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86809", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86814", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86818", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86796", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86776", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86778", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03103", "scoring_system": "epss", "scoring_elements": "0.86759", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26144" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/" } ], "url": "https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433" }, { "reference_url": "https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/" } ], "url": "https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26144", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26144" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0013" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119", "reference_id": "1065119", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266063", "reference_id": "2266063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266063" }, { "reference_url": "https://github.com/advisories/GHSA-8h22-8cf7-hq6g", "reference_id": "GHSA-8h22-8cf7-hq6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8h22-8cf7-hq6g" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240510-0013/", "reference_id": "ntap-20240510-0013", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240510-0013/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10806", "reference_id": "RHSA-2024:10806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10806" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-26144", "GHSA-8h22-8cf7-hq6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65tq-e5eb-eucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8465?format=api", "vulnerability_id": "VCID-6j55-bstz-yybj", "summary": "High severity vulnerability that affects actionpack\nactionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0449", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68141", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68064", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68083", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68062", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68128", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68152", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68138", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68105", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68042", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0449" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025061", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025061" }, { "reference_url": "https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b" }, { "reference_url": "https://github.com/rails/rails/tree/main/actionpack", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/actionpack" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml" }, { "reference_url": "https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0449", "reference_id": "CVE-2011-0449", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0449" }, { "reference_url": "https://github.com/advisories/GHSA-4ww3-3rxj-8v6q", "reference_id": "GHSA-4ww3-3rxj-8v6q", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4ww3-3rxj-8v6q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0449", "GHSA-4ww3-3rxj-8v6q" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6j55-bstz-yybj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16095?format=api", "vulnerability_id": "VCID-6ku5-mtgz-zygw", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82424", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.8242", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82448", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82454", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82473", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82468", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01733", "scoring_system": "epss", "scoring_elements": "0.82463", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22796" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8" }, { "reference_url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736", "reference_id": "2164736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164736" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796", "reference_id": "CVE-2023-22796", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22796" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml", "reference_id": "CVE-2023-22796.YML", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml" }, { "reference_url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2", "reference_id": "GHSA-j6gc-792m-qgm2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j6gc-792m-qgm2" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0009/", "reference_id": "ntap-20240202-0009", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4341", "reference_id": "RHSA-2023:4341", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-22796", "GHSA-j6gc-792m-qgm2", "GMS-2023-61" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku5-mtgz-zygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18808?format=api", "vulnerability_id": "VCID-6pxd-xsaw-tuer", "summary": "Active Support Possibly Discloses Locally Encrypted Files\nThere is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.\n\nVersions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22816", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22911", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22747", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22896", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22859", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22803", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38037" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.7.1" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250214-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250214-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057", "reference_id": "1051057", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261", "reference_id": "2236261", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236261" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037", "reference_id": "CVE-2023-38037", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38037" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml", "reference_id": "CVE-2023-38037.YML", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml" }, { "reference_url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q", "reference_id": "GHSA-cr5q-6q9f-rq6q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr5q-6q9f-rq6q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7720", "reference_id": "RHSA-2023:7720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0268", "reference_id": "RHSA-2024:0268", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-38037", "GHSA-cr5q-6q9f-rq6q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pxd-xsaw-tuer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16102?format=api", "vulnerability_id": "VCID-6tty-dbwx-rbgx", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33518", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33482", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33506", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33605", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.3352", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33476", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33548", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33554", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22797" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:07:07Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164793", "reference_id": "2164793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164793" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22797", "reference_id": "CVE-2023-22797", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22797" }, { "reference_url": "https://github.com/advisories/GHSA-9445-4cr6-336r", "reference_id": "GHSA-9445-4cr6-336r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9445-4cr6-336r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-22797", "GHSA-9445-4cr6-336r", "GMS-2023-57" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tty-dbwx-rbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10091?format=api", "vulnerability_id": "VCID-6yr6-a21g-dyf5", "summary": "Deserialization of Untrusted Data\nA Broken Access Control vulnerability in Active Job", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0600", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0600" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73893", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73912", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.7389", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73927", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73885", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73871", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73836", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73877", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00791", "scoring_system": "epss", "scoring_elements": "0.73842", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16476" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml" }, { "reference_url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659223", "reference_id": "1659223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659223" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847", "reference_id": "914847", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16476", "reference_id": "CVE-2018-16476", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16476" }, { "reference_url": "https://github.com/advisories/GHSA-q2qw-rmrh-vv42", "reference_id": "GHSA-q2qw-rmrh-vv42", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2qw-rmrh-vv42" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937478?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-16476", "GHSA-q2qw-rmrh-vv42" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6yr6-a21g-dyf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8411?format=api", "vulnerability_id": "VCID-7f5r-9h1g-nuch", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nA certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68185", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68147", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.6818", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68194", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68169", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68154", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68102", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68125", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68107", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00556", "scoring_system": "epss", "scoring_elements": "0.68084", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3086" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0" }, { "reference_url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978" }, { "reference_url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml" }, { "reference_url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600" }, { "reference_url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.securityfocus.com/bid/37427", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/37427" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "reference_id": "545063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086", "reference_id": "CVE-2009-3086", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3086" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml", "reference_id": "CVE-2009-3086.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j", "reference_id": "GHSA-fg9w-g6m4-557j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fg9w-g6m4-557j" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937464?format=api", "purl": "pkg:deb/debian/rails@2.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-3086", "GHSA-fg9w-g6m4-557j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7f5r-9h1g-nuch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7497?format=api", "vulnerability_id": "VCID-86jq-2md2-d7ah", "summary": "Possible XSS Vulnerability in ActionView\nThere is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81859", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81878", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81897", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81795", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81806", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81829", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81826", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.8186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01626", "scoring_system": "epss", "scoring_elements": "0.81852", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6316" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6316" }, { "reference_url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430" }, { "reference_url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3651" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008", "reference_id": "1365008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155", "reference_id": "834155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155" }, { "reference_url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj", "reference_id": "GHSA-pc3m-v286-2jwj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pc3m-v286-2jwj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1856", "reference_id": "RHSA-2016:1856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1857", "reference_id": "RHSA-2016:1857", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1858", "reference_id": "RHSA-2016:1858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1858" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937477?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6316", "GHSA-pc3m-v286-2jwj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-86jq-2md2-d7ah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8402?format=api", "vulnerability_id": "VCID-877d-u9ag-qqdr", "summary": "Rails Denial of Service vulnerability\nUnspecified vulnerability in the \"dependency resolution mechanism\" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or \"data loss,\" a different vulnerability than CVE-2006-4111.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.9169", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91744", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91724", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91726", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91723", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91681", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91716", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91703", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07371", "scoring_system": "epss", "scoring_elements": "0.91695", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-4112" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28364", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28364" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454" }, { "reference_url": "https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded" }, { "reference_url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673" }, { "reference_url": "http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure" }, { "reference_url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml" }, { "reference_url": "http://www.kb.cert.org/vuls/id/699540", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/699540" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255", "reference_id": "382255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4112", "reference_id": "CVE-2006-4112", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4112" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml", "reference_id": "CVE-2006-4112.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9wrq-xvmp-xjc8", "reference_id": "GHSA-9wrq-xvmp-xjc8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9wrq-xvmp-xjc8" }, { "reference_url": "https://security.gentoo.org/glsa/200608-20", "reference_id": "GLSA-200608-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200608-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937459?format=api", "purl": "pkg:deb/debian/rails@1.1.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2006-4112", "GHSA-9wrq-xvmp-xjc8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-877d-u9ag-qqdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33951?format=api", "vulnerability_id": "VCID-895a-ydc5-zfg6", "summary": "Circumvention of file size limits in ActiveStorage\nThere is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.\n\nVersions Affected: rails < 5.2.4.2, rails < 6.0.3.1\nNot affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\n\nUtilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81448", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81411", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81376", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81418", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81431", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81409", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81405", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81347", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81356", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01549", "scoring_system": "epss", "scoring_elements": "0.81378", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://github.com/aws/aws-sdk-ruby", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aws/aws-sdk-ruby" }, { "reference_url": "https://github.com/aws/aws-sdk-ruby/issues/2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aws/aws-sdk-ruby/issues/2098" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ" }, { "reference_url": "https://hackerone.com/reports/789579", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/789579" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8162" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843005", "reference_id": "1843005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843005" }, { "reference_url": "https://github.com/advisories/GHSA-m42x-37p3-fv5w", "reference_id": "GHSA-m42x-37p3-fv5w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m42x-37p3-fv5w" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937482?format=api", "purl": "pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8162", "GHSA-m42x-37p3-fv5w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-895a-ydc5-zfg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10455?format=api", "vulnerability_id": "VCID-8dad-dvat-1fg4", "summary": "Path Traversal in Action View\n# File Content Disclosure in Action View\n\nImpact \n------ \nThere is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. \n\nThe impact is limited to calls to `render` which render file contents without a specified accept format. Impacted code in a controller looks something like this: \n\n``` ruby\nclass UserController < ApplicationController \n def index \n render file: \"#{Rails.root}/some/file\" \n end \nend \n``` \n\nRendering templates as opposed to files is not impacted by this vulnerability. \n\nAll users running an affected release should either upgrade or use one of the workarounds immediately. \n\nReleases \n-------- \nThe 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations. \n\nWorkarounds \n----------- \nThis vulnerability can be mitigated by specifying a format for file rendering, like this: \n\n``` ruby\nclass UserController < ApplicationController \n def index \n render file: \"#{Rails.root}/some/file\", formats: [:html] \n end \nend \n``` \n\nIn summary, impacted calls to `render` look like this: \n\n``` \nrender file: \"#{Rails.root}/some/file\" \n``` \n\nThe vulnerability can be mitigated by changing to this: \n\n``` \nrender file: \"#{Rails.root}/some/file\", formats: [:html] \n``` \n\nOther calls to `render` are not impacted. \n\nAlternatively, the following monkey patch can be applied in an initializer: \n\n``` ruby\n$ cat config/initializers/formats_filter.rb \n# frozen_string_literal: true \n\nActionDispatch::Request.prepend(Module.new do \n def formats \n super().select do |format| \n format.symbol || format.ref == \"*/*\" \n end \n end \nend) \n``` \n\nCredits \n------- \nThanks to John Hawthorn <john@hawthorn.email> of GitHub", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html" }, { "reference_url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94318", "scoring_system": "epss", "scoring_elements": "0.9995", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418" }, { "reference_url": "https://www.exploit-db.com/exploits/46585", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46585" }, { "reference_url": "https://www.exploit-db.com/exploits/46585/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "https://www.exploit-db.com/exploits/46585/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159", "reference_id": "1689159", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689159" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py", "reference_id": "CVE-2019-5418", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418", "reference_id": "CVE-2019-5418", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5418" }, { "reference_url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j", "reference_id": "GHSA-86g5-2wh3-gc9j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86g5-2wh3-gc9j" }, { "reference_url": "https://usn.ubuntu.com/7646-1/", "reference_id": "USN-7646-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7646-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937479?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5418", "GHSA-86g5-2wh3-gc9j" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8dad-dvat-1fg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7286?format=api", "vulnerability_id": "VCID-9hq5-3usy-5fhq", "summary": "Possible Object Leak and Denial of Service attack\nA carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.9084", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.9077", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90787", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90797", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90814", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90823", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06145", "scoring_system": "epss", "scoring_elements": "0.90821", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17" }, { "reference_url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6" }, { "reference_url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0751" }, { "reference_url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/9" }, { "reference_url": "http://www.securityfocus.com/bid/81800", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81800" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946", "reference_id": "1301946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v", "reference_id": "GHSA-ffpv-c4hm-3x6v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffpv-c4hm-3x6v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937475?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0751", "GHSA-ffpv-c4hm-3x6v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hq5-3usy-5fhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8449?format=api", "vulnerability_id": "VCID-9hvm-2hnk-hyev", "summary": "The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.", "references": [ { "reference_url": "http://dev.rubyonrails.org/changeset/8177", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://dev.rubyonrails.org/changeset/8177" }, { "reference_url": "http://dev.rubyonrails.org/ticket/10048", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://dev.rubyonrails.org/ticket/10048" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=307179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6077", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87111", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87159", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87132", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.8709", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87142", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87147", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03262", "scoring_system": "epss", "scoring_elements": "0.87152", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-6077" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077" }, { "reference_url": "http://secunia.com/advisories/27781", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27781" }, { "reference_url": "http://secunia.com/advisories/28136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/28136" }, { "reference_url": "https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release" }, { "reference_url": "http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release" }, { "reference_url": "http://www.securityfocus.com/bid/26598", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/26598" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4009", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4009" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748", "reference_id": "452748", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6077", "reference_id": "CVE-2007-6077", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6077" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml", "reference_id": "CVE-2007-6077.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml" }, { "reference_url": "https://github.com/advisories/GHSA-p4c6-77gc-694x", "reference_id": "GHSA-p4c6-77gc-694x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p4c6-77gc-694x" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937461?format=api", "purl": "pkg:deb/debian/rails@1.2.6-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.6-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-6077", "GHSA-p4c6-77gc-694x" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hvm-2hnk-hyev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7496?format=api", "vulnerability_id": "VCID-9t7a-muwx-zyee", "summary": "Improper Access Control\nThe Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59551", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59406", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59503", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.5947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59521", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59533", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59536", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59517", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/08/11/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365017", "reference_id": "1365017", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365017" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154", "reference_id": "834154", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6317", "reference_id": "CVE-2016-6317", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6317" }, { "reference_url": "https://github.com/advisories/GHSA-pr3r-4wrp-r2pv", "reference_id": "GHSA-pr3r-4wrp-r2pv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pr3r-4wrp-r2pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1855", "reference_id": "RHSA-2016:1855", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1855" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937477?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6317", "GHSA-pr3r-4wrp-r2pv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t7a-muwx-zyee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33938?format=api", "vulnerability_id": "VCID-a6sp-18av-wya6", "summary": "Possible Strong Parameters Bypass in ActionPack\nThere is a strong parameters bypass vector in ActionPack.\n\nVersions Affected: rails <= 6.0.3\nNot affected: rails < 5.0.0\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\nIn some cases user supplied information can be inadvertently leaked from\nStrong Parameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying \"untrusted\" hash of data that was\nread from the parameters. Applications that use this return value may be\ninadvertently use untrusted user input.\n\nImpacted code will look something like this:\n\n```\ndef update\n # Attacker has included the parameter: `{ is_admin: true }`\n User.update(clean_up_params)\nend\n\ndef clean_up_params\n params.each { |k, v| SomeModel.check(v) if k == :name }\nend\n```\n\nNote the mistaken use of `each` in the `clean_up_params` method in the above\nexample.\n\nWorkarounds\n-----------\nDo not use the return values of `each`, `each_value`, or `each_pair` in your\napplication.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91752", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.9169", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91698", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91703", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91724", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91731", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91734", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91736", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07389", "scoring_system": "epss", "scoring_elements": "0.91732", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY" }, { "reference_url": "https://hackerone.com/reports/292797", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/292797" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8164" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634", "reference_id": "1842634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1842634" }, { "reference_url": "https://github.com/advisories/GHSA-8727-m6gj-mc37", "reference_id": "GHSA-8727-m6gj-mc37", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8727-m6gj-mc37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937482?format=api", "purl": "pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8164", "GHSA-8727-m6gj-mc37" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6sp-18av-wya6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8415?format=api", "vulnerability_id": "VCID-awt1-8bxs-xffs", "summary": "actionpack Improper Authentication vulnerability\nThe `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76812", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76729", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.7676", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76771", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76799", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76779", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76714", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00981", "scoring_system": "epss", "scoring_elements": "0.76718", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3424" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711", "reference_id": "843711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=843711" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424", "reference_id": "CVE-2012-3424", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3424" }, { "reference_url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj", "reference_id": "GHSA-92w9-2pqw-rhjj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92w9-2pqw-rhjj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3424", "GHSA-92w9-2pqw-rhjj", "OSV-84243" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7295?format=api", "vulnerability_id": "VCID-bjwf-uhyk-63aj", "summary": "Timing attack vulnerability in basic authentication\nDue to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81576", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81474", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81486", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81507", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81504", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81533", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81538", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81558", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01574", "scoring_system": "epss", "scoring_elements": "0.81545", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7576" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/8" }, { "reference_url": "http://www.securityfocus.com/bid/81803", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81803" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933", "reference_id": "1301933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301933" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg", "reference_id": "GHSA-p692-7mm3-3fxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p692-7mm3-3fxg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937475?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7576", "GHSA-p692-7mm3-3fxg" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjwf-uhyk-63aj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6742?format=api", "vulnerability_id": "VCID-c1w4-z275-tqg7", "summary": "Ruby on Rails Potential XSS Vulnerability in select_tag prompt\nWhen a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56171", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56161", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56177", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56137", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56001", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5611", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3463" }, { "reference_url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3463" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196", "reference_id": "847196", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847196" }, { "reference_url": "https://github.com/advisories/GHSA-98mf-8f57-64qf", "reference_id": "GHSA-98mf-8f57-64qf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-98mf-8f57-64qf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3463", "GHSA-98mf-8f57-64qf", "OSV-84515" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10495?format=api", "vulnerability_id": "VCID-c8b5-d83n-nuhw", "summary": "Allocation of Resources Without Limits or Throttling\nThere is a possible denial of service vulnerability in Action View (Rails) where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0796", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1147", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1149", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1289", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1289" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93825", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93773", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93787", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93795", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93798", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12118", "scoring_system": "epss", "scoring_elements": "0.93803", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715" }, { "reference_url": "https://github.com/rails/rails/pull/35708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/pull/35708" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/03/22/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160", "reference_id": "1689160", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689160" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520", "reference_id": "924520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419", "reference_id": "CVE-2019-5419", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5419" }, { "reference_url": "https://github.com/advisories/GHSA-m63j-wh5w-c252", "reference_id": "GHSA-m63j-wh5w-c252", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m63j-wh5w-c252" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937479?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5419", "GHSA-m63j-wh5w-c252" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8b5-d83n-nuhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6768?format=api", "vulnerability_id": "VCID-ca7u-t1y4-uuc7", "summary": "Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3\nThere is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0201.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0202.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0203.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0201", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0202", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0203", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0203" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0333" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91935", "scoring_system": "epss", "scoring_elements": "0.99696", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91935", "scoring_system": "epss", "scoring_elements": "0.99691", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91935", "scoring_system": "epss", "scoring_elements": "0.99692", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91935", "scoring_system": "epss", "scoring_elements": "0.99693", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91935", "scoring_system": "epss", "scoring_elements": "0.99694", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91935", "scoring_system": "epss", "scoring_elements": "0.99695", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0333" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=903440" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333" }, { "reference_url": "https://github.com/advisories/GHSA-xgr2-v94m-rc9g", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xgr2-v94m-rc9g" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0333" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0333", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0333" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2613", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2613" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226", "reference_id": "699226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb", "reference_id": "CVE-2013-0333;OSVDB-89594", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0333", "GHSA-xgr2-v94m-rc9g", "OSV-89594" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca7u-t1y4-uuc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6765?format=api", "vulnerability_id": "VCID-carc-ntrd-ebfe", "summary": "Multiple vulnerabilities in parameter parsing in Action Pack\nThere are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0153.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99694", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99689", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99693", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.99691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91907", "scoring_system": "epss", "scoring_elements": "0.9969", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0156" }, { "reference_url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0156" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/cve-2013-0156" }, { "reference_url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" }, { "reference_url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2604", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2604" }, { "reference_url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.insinuator.net/2013/01/rails-yaml" }, { "reference_url": "http://www.insinuator.net/2013/01/rails-yaml/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.insinuator.net/2013/01/rails-yaml/" }, { "reference_url": "http://www.kb.cert.org/vuls/id/380039", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/380039" }, { "reference_url": "http://www.kb.cert.org/vuls/id/628463", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/628463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722", "reference_id": "697722", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870", "reference_id": "892870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892870" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/", "reference_id": "CVE-2013-0156", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb", "reference_id": "CVE-2013-0156;OSVDB-89026", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb" }, { "reference_url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg", "reference_id": "GHSA-jmgw-6vjg-jjwg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmgw-6vjg-jjwg" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0153", "reference_id": "RHSA-2013:0153", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0153" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0156", "GHSA-jmgw-6vjg-jjwg", "OSV-89026" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-carc-ntrd-ebfe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13952?format=api", "vulnerability_id": "VCID-ce39-j83r-6ug9", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52201", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52175", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52141", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52145", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52099", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52126", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec" }, { "reference_url": "https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508" }, { "reference_url": "https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b" }, { "reference_url": "https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809" }, { "reference_url": "https://github.com/rails/rails/pull/44635", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/pull/44635" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0002" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221118-0002/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941", "reference_id": "1011941", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080302", "reference_id": "2080302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080302" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22577", "reference_id": "CVE-2022-22577", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22577" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml", "reference_id": "CVE-2022-22577.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml" }, { "reference_url": "https://github.com/advisories/GHSA-mm33-5vfq-3mm3", "reference_id": "GHSA-mm33-5vfq-3mm3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mm33-5vfq-3mm3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937491?format=api", "purl": "pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-22577", "GHSA-mm33-5vfq-3mm3", "GMS-2022-1137" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce39-j83r-6ug9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8392?format=api", "vulnerability_id": "VCID-cnqr-6e98-5kgk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71366", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71274", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71282", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71316", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71352", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.71337", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0067", "scoring_system": "epss", "scoring_elements": "0.7132", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0446" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446" }, { "reference_url": "http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43274" }, { "reference_url": "http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43666" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217" }, { "reference_url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666" }, { "reference_url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291" }, { "reference_url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2247" }, { "reference_url": "http://www.securityfocus.com/bid/46291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/46291" }, { "reference_url": "http://www.securitytracker.com/id?1025064", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1025064" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0587" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864", "reference_id": "614864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446", "reference_id": "CVE-2011-0446", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0446" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml", "reference_id": "CVE-2011-0446.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml" }, { "reference_url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j", "reference_id": "GHSA-75w6-p6mg-vh8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-75w6-p6mg-vh8j" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937468?format=api", "purl": "pkg:deb/debian/rails@2.3.11-0.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.11-0.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0446", "GHSA-75w6-p6mg-vh8j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnqr-6e98-5kgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8413?format=api", "vulnerability_id": "VCID-cwa7-9d2t-rfhb", "summary": "actionpack Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56171", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56161", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56177", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56137", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56001", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3465" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77" }, { "reference_url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200", "reference_id": "847200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847200" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465", "reference_id": "CVE-2012-3465", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3465" }, { "reference_url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5", "reference_id": "GHSA-7g65-ghrg-hpf5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7g65-ghrg-hpf5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3465", "GHSA-7g65-ghrg-hpf5", "OSV-84513" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7291?format=api", "vulnerability_id": "VCID-d15q-6ukb-wfff", "summary": "Object leak vulnerability for wildcard controller routes\nUsers that have a route that contains the string `:controller` are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91558", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91492", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91498", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91505", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91525", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91531", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91536", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07108", "scoring_system": "epss", "scoring_elements": "0.91538", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7581" }, { "reference_url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677" }, { "reference_url": "https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/16" }, { "reference_url": "http://www.securityfocus.com/bid/81677", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81677" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981", "reference_id": "1301981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301981" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-9h6g-gp95-x3q5", "reference_id": "GHSA-9h6g-gp95-x3q5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9h6g-gp95-x3q5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937475?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7581", "GHSA-9h6g-gp95-x3q5" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d15q-6ukb-wfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18130?format=api", "vulnerability_id": "VCID-dd9p-x7k3-37ea", "summary": "Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to\nThe `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.\n\nVersions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45215", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45164", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45162", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45194", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45173", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45155", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441" }, { "reference_url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5" }, { "reference_url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250502-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250502-0009" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058", "reference_id": "1051058", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785", "reference_id": "2217785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2217785" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362", "reference_id": "CVE-2023-28362", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28362" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml", "reference_id": "CVE-2023-28362.YML", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml" }, { "reference_url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf", "reference_id": "GHSA-4g8v-vg43-wpgf", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/" } ], "url": "https://github.com/advisories/GHSA-4g8v-vg43-wpgf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7851", "reference_id": "RHSA-2023:7851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-28362", "GHSA-4g8v-vg43-wpgf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9p-x7k3-37ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13195?format=api", "vulnerability_id": "VCID-drg6-gj1f-h7ea", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80614", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80585", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80592", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80606", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.8055", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80537", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80589", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0142", "scoring_system": "epss", "scoring_elements": "0.80579", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubysec.com/advisories/CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubysec.com/advisories/CVE-2022-21831" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20221118-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20221118-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20221118-0001/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940", "reference_id": "1011940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064747", "reference_id": "2064747", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2064747" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21831", "reference_id": "CVE-2022-21831", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21831" }, { "reference_url": "https://rubysec.com/advisories/CVE-2022-21831/", "reference_id": "CVE-2022-21831", "reference_type": "", "scores": [], "url": "https://rubysec.com/advisories/CVE-2022-21831/" }, { "reference_url": "https://github.com/advisories/GHSA-w749-p3v6-hccq", "reference_id": "GHSA-w749-p3v6-hccq", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w749-p3v6-hccq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937490?format=api", "purl": "pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.7%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-21831", "GHSA-w749-p3v6-hccq", "GMS-2022-301" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-drg6-gj1f-h7ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6860?format=api", "vulnerability_id": "VCID-e3j5-xgbr-2qa1", "summary": "Possible DoS Vulnerability\nA carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `\"some string #{user_input}\" % some_number`", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79991", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79942", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.7993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79959", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79968", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79971", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79963", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01333", "scoring_system": "epss", "scoring_elements": "0.79914", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/118", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/118" }, { "reference_url": "https://github.com/advisories/GHSA-rg5m-3fqp-6px8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg5m-3fqp-6px8" }, { "reference_url": "https://github.com/rails/rails/tree/main/actionmailer", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/actionmailer" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4389" }, { "reference_url": "https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2887", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2887" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913", "reference_id": "1013913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1013913" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4389", "GHSA-rg5m-3fqp-6px8", "OSV-98629" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j5-xgbr-2qa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15651?format=api", "vulnerability_id": "VCID-eb5z-q7rj-j7hh", "summary": "Active Record component in Ruby on Rails has a data-type injection vulnerability\nThe Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the \"typed XML\" feature and a MySQL database.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2013/02/06/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/02/06/7" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/04/24/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/04/24/7" }, { "reference_url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails" }, { "reference_url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65227", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65111", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65186", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65152", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65202", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65214", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65233", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.6522", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65192", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-3221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221" }, { "reference_url": "https://gist.github.com/dakull/5442275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gist.github.com/dakull/5442275" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain" }, { "reference_url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html" }, { "reference_url": "http://www.phenoelit.org/blog/archives/2013/02/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.phenoelit.org/blog/archives/2013/02/index.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365", "reference_id": "954365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=954365" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221", "reference_id": "CVE-2013-3221", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3221" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml", "reference_id": "CVE-2013-3221.YML", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml" }, { "reference_url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8", "reference_id": "GHSA-f57c-hx33-hvh8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f57c-hx33-hvh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-3221", "GHSA-f57c-hx33-hvh8" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb5z-q7rj-j7hh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8442?format=api", "vulnerability_id": "VCID-ed3f-3bxh-eba4", "summary": "activesupport vulnerable to Denial of Service via large XML document depth\nThe (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/16" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85853", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85856", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85841", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85831", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85812", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85776", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85789", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02683", "scoring_system": "epss", "scoring_elements": "0.85868", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3" }, { "reference_url": "https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680" }, { "reference_url": "https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk" }, { "reference_url": "https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234" }, { "reference_url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232302", "reference_id": "1232302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232302" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487", "reference_id": "790487", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3227", "reference_id": "CVE-2015-3227", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3227" }, { "reference_url": "https://github.com/advisories/GHSA-j96r-xvjq-r9pg", "reference_id": "GHSA-j96r-xvjq-r9pg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j96r-xvjq-r9pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937474?format=api", "purl": "pkg:deb/debian/rails@2:4.2.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3227", "GHSA-j96r-xvjq-r9pg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3f-3bxh-eba4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15032?format=api", "vulnerability_id": "VCID-ehbj-aezy-d7h4", "summary": "Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch\n\nThere is a possible ReDoS vulnerability in the Accept header parsing routines\nof Action Dispatch. This vulnerability has been assigned the CVE identifier\nCVE-2024-26142.\n\nVersions Affected: >= 7.1.0, < 7.1.3.1\nNot affected: < 7.1.0\nFixed Versions: 7.1.3.1\n\nImpact\n------\nCarefully crafted Accept headers can cause Accept header parsing in Action\nDispatch to take an unexpected amount of time, possibly resulting in a DoS\nvulnerability. All users running an affected release should either upgrade or\nuse one of the workarounds immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby\n3.2 or newer are unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThere are no feasible workarounds for this issue.\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* 7-1-accept-redox.patch - Patch for 7.1 series\n\nCredits\n-------\nThanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87692", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.8768", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87685", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87632", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87647", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87645", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87674", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03542", "scoring_system": "epss", "scoring_elements": "0.87667", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26142" }, { "reference_url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26142", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26142" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266324", "reference_id": "2266324", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266324" }, { "reference_url": "https://github.com/advisories/GHSA-jjhx-jhvp-74wq", "reference_id": "GHSA-jjhx-jhvp-74wq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jjhx-jhvp-74wq" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240503-0003/", "reference_id": "ntap-20240503-0003", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240503-0003/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-26142", "GHSA-jjhx-jhvp-74wq" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehbj-aezy-d7h4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33504?format=api", "vulnerability_id": "VCID-es1t-7196-4kbb", "summary": "CSRF Vulnerability in rails-ujs\nThere is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.\n\nVersions Affected: rails <= 6.0.3\nNot affected: Applications which don't use rails-ujs.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\n\nThis is a regression of CVE-2015-1840.\n\nIn the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.\n\nWorkarounds\n-----------\n\nTo work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.\n\nFor example, code like this:\n\n link_to params\n\nto code like this:\n\n link_to filtered_params\n\n def filtered_params\n # Filter just the parameters that you trust\n end", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69281", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69242", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69271", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69177", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69245", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69195", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69213", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69263", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0" }, { "reference_url": "https://hackerone.com/reports/189878", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/189878" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8167" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084", "reference_id": "1843084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843084" }, { "reference_url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8", "reference_id": "GHSA-xq5j-gw7f-jgj8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xq5j-gw7f-jgj8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937482?format=api", "purl": "pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8167", "GHSA-xq5j-gw7f-jgj8" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14522?format=api", "vulnerability_id": "VCID-g3rk-djae-pkeh", "summary": "Possible Content Security Policy bypass in Action Dispatch\nThere is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper in Action Pack.\n\nImpact\n------\nApplications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nApplications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.\n\nCredits\n-------\nThanks to [ryotak](https://hackerone.com/ryotak) for the report!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.31424", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.31466", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40834", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.4089", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40883", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40895", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0019", "scoring_system": "epss", "scoring_elements": "0.40852", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49" }, { "reference_url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a" }, { "reference_url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542" }, { "reference_url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54133" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250306-0010", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250306-0010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755", "reference_id": "1089755", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619", "reference_id": "2331619", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331619" }, { "reference_url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v", "reference_id": "GHSA-vfm5-rmrh-j26v", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfm5-rmrh-j26v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-54133", "GHSA-vfm5-rmrh-j26v" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g3rk-djae-pkeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33526?format=api", "vulnerability_id": "VCID-g5q6-7uav-sqh1", "summary": "Remote code execution via user-provided local names in ActionView\nThe is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99634", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99633", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.99631", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90927", "scoring_system": "epss", "scoring_elements": "0.9963", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0" }, { "reference_url": "https://hackerone.com/reports/304805", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/304805" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8163" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724", "reference_id": "1848724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848724" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb", "reference_id": "CVE-2020-8163", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb" }, { "reference_url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq", "reference_id": "GHSA-cr3x-7m39-c6jq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cr3x-7m39-c6jq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937483?format=api", "purl": "pkg:deb/debian/rails@2:5.2.0%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.0%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8163", "GHSA-cr3x-7m39-c6jq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5q6-7uav-sqh1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47751?format=api", "vulnerability_id": "VCID-gjey-bqtd-kqa1", "summary": "Action Pack contains Information Disclosure / Unintended Method Execution vulnerability\nImpact\n------\nThere is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.\n\nVulnerable code will look like this.\n\n```\nredirect_to(params[:some_param])\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe FIXED releases are available at the normal locations.\n\nWorkarounds\n-----------\nTo work around this problem, it is recommended to use an allow list for valid parameters passed from the user. For example,\n\n```ruby\nprivate def check(param)\n case param\n when \"valid\"\n param\n else\n \"/\"\n end\nend\n\ndef index\n redirect_to(check(params[:some_param]))\nend\n```\n\nOr force the user input to be cast to a string like this,\n\n```ruby\ndef index\n redirect_to(params[:some_param].to_s)\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 5-2-information-disclosure.patch - Patch for 5.2 series\n* 6-0-information-disclosure.patch - Patch for 6.0 series\n* 6-1-information-disclosure.patch - Patch for 6.1 series\n\nPlease note that only the 5.2, 6.0, and 6.1 series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\n\nThanks to Benoit Côté-Jodoin from Shopify for reporting this.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86805", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86812", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86736", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86746", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86765", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86763", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86783", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86791", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03096", "scoring_system": "epss", "scoring_elements": "0.86802", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI" }, { "reference_url": "https://hackerone.com/reports/1106652", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1106652" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22885" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2021/dsa-4929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957441", "reference_id": "1957441", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957441" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-hjg4-8q5f-x6fm", "reference_id": "GHSA-hjg4-8q5f-x6fm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hjg4-8q5f-x6fm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937486?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22885", "GHSA-hjg4-8q5f-x6fm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-bqtd-kqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8428?format=api", "vulnerability_id": "VCID-gsx2-9sc2-3fbr", "summary": "Moderate severity vulnerability that affects rails\nCross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.", "references": [ { "reference_url": "http://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails" }, { "reference_url": "http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4214", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81937", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81848", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.8187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81866", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81907", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01632", "scoring_system": "epss", "scoring_elements": "0.81902", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4214" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214" }, { "reference_url": "http://secunia.com/advisories/37446", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/37446" }, { "reference_url": "http://secunia.com/advisories/38915", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/38915" }, { "reference_url": "http://support.apple.com/kb/HT4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4077" }, { "reference_url": "http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2260", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2260" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/27/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/27/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/08/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/08/3" }, { "reference_url": "http://www.securityfocus.com/bid/37142", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/37142" }, { "reference_url": "http://www.securitytracker.com/id?1023245", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id?1023245" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/3352", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2009/3352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=542786", "reference_id": "542786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542786" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4214", "reference_id": "CVE-2009-4214", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4214" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml", "reference_id": "CVE-2009-4214.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml" }, { "reference_url": "https://github.com/advisories/GHSA-9p3v-wf2w-v29c", "reference_id": "GHSA-9p3v-wf2w-v29c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9p3v-wf2w-v29c" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937466?format=api", "purl": "pkg:deb/debian/rails@2.2.3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2009-4214", "GHSA-9p3v-wf2w-v29c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsx2-9sc2-3fbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6874?format=api", "vulnerability_id": "VCID-h94p-ywve-y7h9", "summary": "XSS Vulnerability in simple_format helper\nThe simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46448", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46573", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46516", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46535", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46456", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46507", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46487", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6416" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/404", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/404" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6416" }, { "reference_url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914", "reference_id": "1036914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036914" }, { "reference_url": "https://github.com/advisories/GHSA-w37c-q653-qg95", "reference_id": "GHSA-w37c-q653-qg95", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w37c-q653-qg95" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6416", "GHSA-w37c-q653-qg95", "OSV-100526" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h94p-ywve-y7h9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6774?format=api", "vulnerability_id": "VCID-hbtn-7423-m3gb", "summary": "Circumvention of attr_protected\nThe attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69678", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.6957", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69582", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69598", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69577", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69627", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69644", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69666", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69652", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00606", "scoring_system": "epss", "scoring_elements": "0.69637", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0276" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276" }, { "reference_url": "http://secunia.com/advisories/52112", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52112" }, { "reference_url": "http://secunia.com/advisories/52774", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52774" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0276" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/5" }, { "reference_url": "http://www.osvdb.org/90072", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/90072" }, { "reference_url": "http://www.securityfocus.com/bid/57896", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57896" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528", "reference_id": "909528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909528" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-gr44-7grc-37vq", "reference_id": "GHSA-gr44-7grc-37vq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gr44-7grc-37vq" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0686", "reference_id": "RHSA-2013:0686", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0686" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0276", "GHSA-gr44-7grc-37vq", "OSV-90072" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hbtn-7423-m3gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8427?format=api", "vulnerability_id": "VCID-hmp2-rmzv-wkhg", "summary": "Improper Input Validation\nThe template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\"", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74282", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.7428", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74228", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74265", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74274", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2929" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731432" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml" }, { "reference_url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929", "reference_id": "CVE-2011-2929", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2929" }, { "reference_url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q", "reference_id": "GHSA-r7q2-5gqg-6c7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7q2-5gqg-6c7q" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2929", "GHSA-r7q2-5gqg-6c7q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmp2-rmzv-wkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16390?format=api", "vulnerability_id": "VCID-hppf-a715-r7b2", "summary": "ReDoS based DoS vulnerability in Action Dispatch\nThere is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81303", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.8121", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81234", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81262", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81288", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81274", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01523", "scoring_system": "epss", "scoring_elements": "0.81266", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f" }, { "reference_url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0" }, { "reference_url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799", "reference_id": "2164799", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164799" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795", "reference_id": "CVE-2023-22795", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22795" }, { "reference_url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv", "reference_id": "GHSA-8xww-x3g3-6jcv", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8xww-x3g3-6jcv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-22795", "GHSA-8xww-x3g3-6jcv", "GMS-2023-56" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8395?format=api", "vulnerability_id": "VCID-hr2h-y693-sbgc", "summary": "activesupport Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56171", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56137", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56177", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56161", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.56001", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5613", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00333", "scoring_system": "epss", "scoring_elements": "0.5611", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3464" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce" }, { "reference_url": "https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23" }, { "reference_url": "https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870" }, { "reference_url": "https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc" }, { "reference_url": "https://github.com/rails/rails/issues/7215", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/issues/7215" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain" }, { "reference_url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847199", "reference_id": "847199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3464", "reference_id": "CVE-2012-3464", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3464" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml", "reference_id": "CVE-2012-3464.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml" }, { "reference_url": "https://github.com/advisories/GHSA-h835-75hw-pj89", "reference_id": "GHSA-h835-75hw-pj89", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h835-75hw-pj89" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-3464", "GHSA-h835-75hw-pj89", "OSV-84516" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hr2h-y693-sbgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8446?format=api", "vulnerability_id": "VCID-j24x-nhsb-yug6", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/09/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/09/2" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/06/13/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/06/13/9" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63314", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6319", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63249", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63278", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63295", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6333", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2197" }, { "reference_url": "http://secunia.com/advisories/44789", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/44789" }, { "reference_url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd" }, { "reference_url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da" }, { "reference_url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197", "reference_id": "CVE-2011-2197", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2197" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml", "reference_id": "CVE-2011-2197.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml" }, { "reference_url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73", "reference_id": "GHSA-v9v4-7jp6-8c73", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v9v4-7jp6-8c73" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2197", "GHSA-v9v4-7jp6-8c73" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j24x-nhsb-yug6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6766?format=api", "vulnerability_id": "VCID-j7p8-hchp-xbe3", "summary": "Unsafe Query Generation Risk in Ruby on Rails\nDue to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with \"IS NULL\" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.", "references": [ { "reference_url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95199", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95166", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95171", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95178", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95182", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95188", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.18174", "scoring_system": "epss", "scoring_elements": "0.95155", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0155" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://puppet.com/security/cve/cve-2013-0155" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2609", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2609" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866", "reference_id": "892866", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892866" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx", "reference_id": "GHSA-gppp-5xc5-wfpx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gppp-5xc5-wfpx" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0155", "GHSA-gppp-5xc5-wfpx", "OSV-89025" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j7p8-hchp-xbe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8414?format=api", "vulnerability_id": "VCID-j8zg-kq3z-jqcm", "summary": "Improper Input Validation\nRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72327", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72239", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72265", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72241", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.7228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72292", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00712", "scoring_system": "epss", "scoring_elements": "0.72284", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-3933" }, { "reference_url": "http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/41930" }, { "reference_url": "http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1024624" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae" }, { "reference_url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585" }, { "reference_url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html" }, { "reference_url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930" }, { "reference_url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624" }, { "reference_url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0" }, { "reference_url": "http://www.vupen.com/english/advisories/2010/2719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2010/2719" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933", "reference_id": "CVE-2010-3933", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-3933" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml", "reference_id": "CVE-2010-3933.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf", "reference_id": "GHSA-gjxw-5w2q-7grf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gjxw-5w2q-7grf" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2010-3933", "GHSA-gjxw-5w2q-7grf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zg-kq3z-jqcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12862?format=api", "vulnerability_id": "VCID-jwun-grgg-2uet", "summary": "Exposure of information in Action Pack\nAction Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58669", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58687", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58648", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.5868", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58667", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58623", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.5861", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58643", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00367", "scoring_system": "epss", "scoring_elements": "0.58662", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23633" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23634", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63267", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.6327", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63233", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63284", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.6325", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63789", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00453", "scoring_system": "epss", "scoring_elements": "0.63763", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/puma/puma", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puma/puma" }, { "reference_url": "https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/" }, { "reference_url": "https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released" }, { "reference_url": "https://security.gentoo.org/glsa/202208-28", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202208-28" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0013", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240119-0013" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240119-0013/" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5146", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2022/dsa-5146" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/02/11/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/02/11/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389", "reference_id": "1005389", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391", "reference_id": "1005391", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054211", "reference_id": "2054211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2054211" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063149", "reference_id": "2063149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2063149" }, { "reference_url": "https://security.archlinux.org/AVG-2764", "reference_id": "AVG-2764", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2764" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23633", "reference_id": "CVE-2022-23633", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23633" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23634", "reference_id": "CVE-2022-23634", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23634" }, { "reference_url": "https://github.com/advisories/GHSA-rmj8-8hhh-gv5h", "reference_id": "GHSA-rmj8-8hhh-gv5h", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmj8-8hhh-gv5h" }, { "reference_url": "https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h", "reference_id": "GHSA-rmj8-8hhh-gv5h", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h" }, { "reference_url": "https://github.com/advisories/GHSA-wh98-p28r-vrc9", "reference_id": "GHSA-wh98-p28r-vrc9", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh98-p28r-vrc9" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9", "reference_id": "GHSA-wh98-p28r-vrc9", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://usn.ubuntu.com/6682-1/", "reference_id": "USN-6682-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6682-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937489?format=api", "purl": "pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-23633", "CVE-2022-23634", "GHSA-rmj8-8hhh-gv5h", "GHSA-wh98-p28r-vrc9" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jwun-grgg-2uet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6873?format=api", "vulnerability_id": "VCID-kcj2-v7av-47cv", "summary": "Reflective XSS Vulnerability\nThere is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72345", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72259", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72298", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.7231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72333", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72303", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72258", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00713", "scoring_system": "epss", "scoring_elements": "0.72264", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/401" }, { "reference_url": "https://github.com/advisories/GHSA-699m-mcjm-9cw8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-699m-mcjm-9cw8" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4491" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922", "reference_id": "1036922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-4491", "GHSA-699m-mcjm-9cw8", "OSV-100528" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcj2-v7av-47cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8466?format=api", "vulnerability_id": "VCID-kkbt-pr7u-f7gn", "summary": "Active Record contains SQL Injection\nSQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.", "references": [ { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0155.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0544.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77217", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77122", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77151", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77133", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77202", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77181", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01017", "scoring_system": "epss", "scoring_elements": "0.77115", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6496" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889649" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201401-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201401-22.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain" }, { "reference_url": "http://www.securityfocus.com/bid/57084", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57084" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496", "reference_id": "CVE-2012-6496", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6496" }, { "reference_url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664", "reference_id": "GHSA-gh2w-j7cx-2664", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gh2w-j7cx-2664" }, { "reference_url": "https://security.gentoo.org/glsa/201401-22", "reference_id": "GLSA-201401-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201401-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0155", "reference_id": "RHSA-2013:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-6496", "GHSA-gh2w-j7cx-2664", "OSV-88661" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkbt-pr7u-f7gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8404?format=api", "vulnerability_id": "VCID-knsd-pv15-tydx", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74293", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74214", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.7424", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74213", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.7426", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74282", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74263", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00813", "scoring_system": "epss", "scoring_elements": "0.74256", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-2931" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931" }, { "reference_url": "http://secunia.com/advisories/45921", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/45921" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml" }, { "reference_url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931", "reference_id": "CVE-2011-2931", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-2931" }, { "reference_url": "https://github.com/advisories/GHSA-v5jg-558j-q67c", "reference_id": "GHSA-v5jg-558j-q67c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v5jg-558j-q67c" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937469?format=api", "purl": "pkg:deb/debian/rails@2.3.14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-2931", "GHSA-v5jg-558j-q67c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knsd-pv15-tydx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6705?format=api", "vulnerability_id": "VCID-kr1b-uct1-7kf6", "summary": "Response Splitting Vulnerability in Ruby on Rails\nA response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74274", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74282", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74301", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.7428", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74259", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74232", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74228", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74265", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00814", "scoring_system": "epss", "scoring_elements": "0.74311", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3186" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732156" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9" }, { "reference_url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3186" }, { "reference_url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2301", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2301" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/17/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/19/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/11" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/13" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/14" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2011/08/22/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2011/08/22/5" }, { "reference_url": "https://github.com/advisories/GHSA-fcqf-h4h4-695m", "reference_id": "GHSA-fcqf-h4h4-695m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcqf-h4h4-695m" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937469?format=api", "purl": "pkg:deb/debian/rails@2.3.14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-3186", "GHSA-fcqf-h4h4-695m", "OSV-74616" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kr1b-uct1-7kf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6901?format=api", "vulnerability_id": "VCID-mep3-6sub-ykdk", "summary": "Denial of Service Vulnerability when using render :text\nStrings sent in specially crafted headers will be converted to symbols.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/10" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0306.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91044", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91026", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91096", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91071", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91062", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06456", "scoring_system": "epss", "scoring_elements": "0.91021", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc" }, { "reference_url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ" }, { "reference_url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538", "reference_id": "1065538", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065538" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082", "reference_id": "CVE-2014-0082", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0082" }, { "reference_url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw", "reference_id": "GHSA-7cgp-c3g7-qvrw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7cgp-c3g7-qvrw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0215", "reference_id": "RHSA-2014:0215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0306", "reference_id": "RHSA-2014:0306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0306" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0082", "GHSA-7cgp-c3g7-qvrw", "OSV-103440" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mep3-6sub-ykdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34108?format=api", "vulnerability_id": "VCID-mnkw-23eu-bkgc", "summary": "Ability to forge per-form CSRF tokens in Rails\nIt is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.\n\nImpact\n------\n\nGiven the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63345", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63311", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63348", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63364", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63329", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63278", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63312", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63284", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00443", "scoring_system": "epss", "scoring_elements": "0.63225", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw" }, { "reference_url": "https://hackerone.com/reports/732415", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/732415" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8166" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843152", "reference_id": "1843152", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843152" }, { "reference_url": "https://github.com/advisories/GHSA-jp5v-5gx4-jmj9", "reference_id": "GHSA-jp5v-5gx4-jmj9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jp5v-5gx4-jmj9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937482?format=api", "purl": "pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8166", "GHSA-jp5v-5gx4-jmj9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkw-23eu-bkgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47598?format=api", "vulnerability_id": "VCID-msda-xqbp-qfdd", "summary": "Possible Open Redirect Vulnerability in Action Pack\nThere is a possible Open Redirect Vulnerability in Action Pack.\n\nVersions Affected: >= v6.1.0.rc2\nNot affected: < v6.1.0.rc2\nFixed Versions: 6.1.3.2\n\nImpact\n------\nThis is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain \"allowed host\" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious\nwebsite.\n\nSince rails/rails@9bc7ea5, strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << \"sub.example.com\" to permit a request with a Host header value of sub-example.com.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch put in an initializer can be used as a workaround.\n\n```ruby\nclass ActionDispatch::HostAuthorization::Permissions\n def sanitize_string(host)\n if host.start_with?(\".\")\n /\\A(.+\\.)?#{Regexp.escape(host[1..-1])}\\z/i\n else\n /\\A#{Regexp.escape host}\\z/i\n end\n end\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 6-1-open-redirect.patch - Patch for 6.1 series\n\nPlease note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\n\nThanks Jonathan Hefner (https://hackerone.com/jonathanhefner) for reporting this bug!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35808", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35791", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35831", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35823", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35801", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35693", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35751", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3589", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22903" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0" }, { "reference_url": "https://hackerone.com/reports/1148025", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1148025" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438", "reference_id": "1957438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957438" }, { "reference_url": "https://security.archlinux.org/AVG-1919", "reference_id": "AVG-1919", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1919" }, { "reference_url": "https://github.com/advisories/GHSA-5hq2-xf89-9jxq", "reference_id": "GHSA-5hq2-xf89-9jxq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hq2-xf89-9jxq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22903", "GHSA-5hq2-xf89-9jxq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msda-xqbp-qfdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6902?format=api", "vulnerability_id": "VCID-n5fx-u6fs-vydu", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute \"add data\" SQL commands via vectors involving \\ (backslash) characters that are not properly handled in operations on array columns.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/02/18/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/02/18/9" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48053", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48003", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48056", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4805", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48074", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48062", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.47995", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48033", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0080" }, { "reference_url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hqf9-rc9j-5fmj" }, { "reference_url": "https://github.com/rails/rails/tree/main/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/main/activerecord" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s" }, { "reference_url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517", "reference_id": "1065517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1065517" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080", "reference_id": "CVE-2014-0080", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0080" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-0080", "GHSA-hqf9-rc9j-5fmj", "OSV-103438" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5fx-u6fs-vydu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6869?format=api", "vulnerability_id": "VCID-nf8s-2aaa-17fw", "summary": "Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)\nDue to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0469.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66439", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66468", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66402", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66512", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66477", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66508", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.6652", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66501", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66487", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00512", "scoring_system": "epss", "scoring_elements": "0.66441", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/403", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/403" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6417" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6417" }, { "reference_url": "https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409", "reference_id": "1036409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036409" }, { "reference_url": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r", "reference_id": "GHSA-wpw7-wxjm-cw8r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpw7-wxjm-cw8r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0469", "reference_id": "RHSA-2014:0469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0469" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6417", "GHSA-wpw7-wxjm-cw8r", "OSV-100527" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf8s-2aaa-17fw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6775?format=api", "vulnerability_id": "VCID-nk6g-hhsk-8kaw", "summary": "Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0\nThere is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91286", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91287", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91283", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91241", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91236", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91277", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.9127", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06742", "scoring_system": "epss", "scoring_elements": "0.91251", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277" }, { "reference_url": "http://secunia.com/advisories/52112", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/52112" }, { "reference_url": "http://securitytracker.com/id?1028109", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://securitytracker.com/id?1028109" }, { "reference_url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/tree/v6.1.4.1/activerecord" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0277" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-0277", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-0277" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2620", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2013/dsa-2620" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/02/11/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/02/11/6" }, { "reference_url": "http://www.osvdb.org/90073", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/90073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633", "reference_id": "909633", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909633" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm", "reference_id": "GHSA-fhj9-cjjh-27vm", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fhj9-cjjh-27vm" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-0277", "GHSA-fhj9-cjjh-27vm", "OSV-90073" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nk6g-hhsk-8kaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8423?format=api", "vulnerability_id": "VCID-nzeb-cy9e-tkax", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nMultiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.", "references": [ { "reference_url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [], "url": "http://gist.github.com/8946" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/288", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/288" }, { "reference_url": "http://rails.lighthouseapp.com/projects/8994/tickets/964", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rails.lighthouseapp.com/projects/8994/tickets/964" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86856", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86782", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86812", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86806", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86834", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86847", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86844", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03119", "scoring_system": "epss", "scoring_elements": "0.86839", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-4094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094" }, { "reference_url": "http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31875" }, { "reference_url": "http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31909" }, { "reference_url": "http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/31910" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45109" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645" }, { "reference_url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1" }, { "reference_url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch" }, { "reference_url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch" }, { "reference_url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081104151751/http://gist.github.com/8946" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875" }, { "reference_url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/" }, { "reference_url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909" }, { "reference_url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910" }, { "reference_url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176" }, { "reference_url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/13/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/13/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2008/09/16/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2008/09/16/1" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter" }, { "reference_url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/" }, { "reference_url": "http://www.securityfocus.com/bid/31176", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/31176" }, { "reference_url": "http://www.securitytracker.com/id?1020871", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1020871" }, { "reference_url": "http://www.vupen.com/english/advisories/2008/2562", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2008/2562" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791", "reference_id": "500791", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094", "reference_id": "CVE-2008-4094", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-4094" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml", "reference_id": "CVE-2008-4094.YML", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2", "reference_id": "GHSA-xf96-32q2-9rw2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xf96-32q2-9rw2" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937462?format=api", "purl": "pkg:deb/debian/rails@2.1.0-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-4094", "GHSA-xf96-32q2-9rw2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nzeb-cy9e-tkax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18383?format=api", "vulnerability_id": "VCID-p22r-u1dd-b7b3", "summary": "Missing security headers in Action Pack on non-HTML responses\n# Permissions-Policy is Only Served on HTML Content-Type\n\nThe application configurable Permissions-Policy is only served on responses\nwith an HTML related Content-Type.\n\nThis has been assigned the CVE identifier CVE-2024-28103.\n\n\nVersions Affected: >= 6.1.0\nNot affected: < 6.1.0\nFixed Versions: 6.1.7.8, 7.0.8.4, and 7.1.3.4\n\nImpact\n------\nResponses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nN/A\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe supported release series in accordance with our \n[maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues)\nregarding security issues. They are in git-am format and consist of a\nsingle changeset.\n\n* 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series\n* 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series\n* 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series\n\n\n\nCredits\n-------\n\nThank you [shinkbr](https://hackerone.com/shinkbr) for reporting this!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28103", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74576", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74585", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74604", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74581", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74565", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74559", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00832", "scoring_system": "epss", "scoring_elements": "0.74532", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28103" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/" } ], "url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28103", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28103" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20241206-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20241206-0002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705", "reference_id": "1072705", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290530", "reference_id": "2290530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290530" }, { "reference_url": "https://github.com/advisories/GHSA-fwhr-88qx-h9g7", "reference_id": "GHSA-fwhr-88qx-h9g7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fwhr-88qx-h9g7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-28103", "GHSA-fwhr-88qx-h9g7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p22r-u1dd-b7b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13941?format=api", "vulnerability_id": "VCID-p5mc-r1rg-5ff7", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7586", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75823", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75829", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75848", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75824", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75812", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.7578", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75801", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00911", "scoring_system": "epss", "scoring_elements": "0.75768", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85" }, { "reference_url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html" }, { "reference_url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982", "reference_id": "1016982", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296", "reference_id": "2080296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2080296" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777", "reference_id": "CVE-2022-27777", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27777" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml", "reference_id": "CVE-2022-27777.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml" }, { "reference_url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv", "reference_id": "GHSA-ch3h-j2vf-95pv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ch3h-j2vf-95pv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2097", "reference_id": "RHSA-2023:2097", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2097" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937491?format=api", "purl": "pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-27777", "GHSA-ch3h-j2vf-95pv", "GMS-2022-1138" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5mc-r1rg-5ff7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7288?format=api", "vulnerability_id": "VCID-pb5f-g4uc-r7fp", "summary": "Possible Input Validation Circumvention\nCode that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt-out of input verification using the `permit!` method to allow mass assignment.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84843", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84748", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84763", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84782", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84783", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84806", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84812", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84831", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84827", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02328", "scoring_system": "epss", "scoring_elements": "0.84822", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0753" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ" }, { "reference_url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247" }, { "reference_url": "https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/14" }, { "reference_url": "http://www.securityfocus.com/bid/82247", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/82247" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973", "reference_id": "1301973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301973" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753", "reference_id": "CVE-2016-0753", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0753" }, { "reference_url": "https://github.com/advisories/GHSA-543v-gj2c-r3ch", "reference_id": "GHSA-543v-gj2c-r3ch", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-543v-gj2c-r3ch" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937475?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0753", "GHSA-543v-gj2c-r3ch" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb5f-g4uc-r7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23012?format=api", "vulnerability_id": "VCID-pd5s-1xsg-f7a5", "summary": "Rails has a possible XSS vulnerability in its Action Pack debug exceptions\n### Impact\nThe debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development.\n\n### Releases\nThe fixed releases are available at the normal locations.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04946", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04965", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04992", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05014", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05047", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05063", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05041", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05023", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05005", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v8.1.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/releases/tag/v8.1.2.1" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552", "reference_id": "2450552", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450552" }, { "reference_url": "https://github.com/advisories/GHSA-pgm4-439c-5jp6", "reference_id": "GHSA-pgm4-439c-5jp6", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pgm4-439c-5jp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33167", "GHSA-pgm4-439c-5jp6" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pd5s-1xsg-f7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6870?format=api", "vulnerability_id": "VCID-pmrb-t3bm-zkb6", "summary": "Denial of Service Vulnerability in Action View\nThere is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1794.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0008.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98687", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98702", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.987", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98699", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98696", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98695", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.70843", "scoring_system": "epss", "scoring_elements": "0.98691", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/400", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q4/400" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg" }, { "reference_url": "https://puppet.com/security/cve/cve-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2013-6414" }, { "reference_url": "https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836" }, { "reference_url": "https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2888" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release" }, { "reference_url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483", "reference_id": "1036483", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036483" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6414", "reference_id": "CVE-2013-6414", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6414" }, { "reference_url": "https://github.com/advisories/GHSA-mpxf-gcw2-pw5q", "reference_id": "GHSA-mpxf-gcw2-pw5q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mpxf-gcw2-pw5q" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1794", "reference_id": "RHSA-2013:1794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0008", "reference_id": "RHSA-2014:0008", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-6414", "GHSA-mpxf-gcw2-pw5q", "OSV-100525" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrb-t3bm-zkb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8420?format=api", "vulnerability_id": "VCID-r1u7-1avr-fqbs", "summary": "Moderate severity vulnerability that affects rails\nRails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=195315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195315" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=307179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93263", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93255", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93269", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93301", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93285", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93281", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93276", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10596", "scoring_system": "epss", "scoring_elements": "0.93268", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5379" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-17.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200711-17.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3508", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/3508" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5379", "reference_id": "CVE-2007-5379", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5379" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml", "reference_id": "CVE-2007-5379.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml" }, { "reference_url": "https://github.com/advisories/GHSA-fjfg-q662-gm6j", "reference_id": "GHSA-fjfg-q662-gm6j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fjfg-q662-gm6j" }, { "reference_url": "https://security.gentoo.org/glsa/200711-17", "reference_id": "GLSA-200711-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937460?format=api", "purl": "pkg:deb/debian/rails@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-5379", "GHSA-fjfg-q662-gm6j", "OSV-40717" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r1u7-1avr-fqbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6712?format=api", "vulnerability_id": "VCID-rps2-k24p-9qgq", "summary": "Translate helper method which may allow an attacker to insert arbitrary code into a page\nThe helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1" }, { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/18/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/18/8" }, { "reference_url": "http://osvdb.org/77199", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/77199" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.6969", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69705", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69684", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69666", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69615", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69607", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69718", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69677", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69636", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00607", "scoring_system": "epss", "scoring_elements": "0.69621", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4319" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71364", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71364" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c" }, { "reference_url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade" }, { "reference_url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU" }, { "reference_url": "https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722" }, { "reference_url": "https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342" }, { "reference_url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released" }, { "reference_url": "http://www.securityfocus.com/bid/50722", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/50722" }, { "reference_url": "http://www.securitytracker.com/id?1026342", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id?1026342" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=755004", "reference_id": "755004", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=755004" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4319", "reference_id": "CVE-2011-4319", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4319" }, { "reference_url": "https://github.com/advisories/GHSA-xxr8-833v-c7wc", "reference_id": "GHSA-xxr8-833v-c7wc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxr8-833v-c7wc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-4319", "GHSA-xxr8-833v-c7wc", "OSV-77199" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rps2-k24p-9qgq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6736?format=api", "vulnerability_id": "VCID-rq7w-zmh4-17e1", "summary": "SQL injection vulnerability in Active Record\nDue to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72694", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72679", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72662", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72652", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72604", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72611", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72628", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72605", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72644", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0073", "scoring_system": "epss", "scoring_elements": "0.72656", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661" }, { "reference_url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363", "reference_id": "827363", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827363" }, { "reference_url": "https://github.com/advisories/GHSA-fh39-v733-mxfr", "reference_id": "GHSA-fh39-v733-mxfr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh39-v733-mxfr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1542", "reference_id": "RHSA-2012:1542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0154", "reference_id": "RHSA-2013:0154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-2661", "GHSA-fh39-v733-mxfr", "OSV-82403" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rq7w-zmh4-17e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18268?format=api", "vulnerability_id": "VCID-rqfj-8y7h-eqgm", "summary": "ActionText ContentAttachment can Contain Unsanitized HTML\nInstances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.\n\nThis has been assigned the CVE identifier CVE-2024-32464.\n\n\nVersions Affected: >= 7.1.0\nNot affected: < 7.1.0\nFixed Versions: 7.1.3.4\n\nImpact\n------\nThis could lead to a potential cross site scripting issue within the Trix editor.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nN/A\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.\n\n* action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series\n\n\n\nCredits\n-------\n\nThank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32464", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.5138", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51354", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51443", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51414", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51435", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51392", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51393", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0028", "scoring_system": "epss", "scoring_elements": "0.51339", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32464" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/" } ], "url": "https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32464", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32464" }, { "reference_url": "https://github.com/advisories/GHSA-prjp-h48f-jgf6", "reference_id": "GHSA-prjp-h48f-jgf6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-prjp-h48f-jgf6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-32464", "GHSA-prjp-h48f-jgf6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rqfj-8y7h-eqgm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7338?format=api", "vulnerability_id": "VCID-s5ah-tf63-a7cw", "summary": "Improper Input Validation\nThe Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99461", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99452", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99451", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99453", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99454", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99456", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99457", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.8743", "scoring_system": "epss", "scoring_elements": "0.99458", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2098" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q" }, { "reference_url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725" }, { "reference_url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ" }, { "reference_url": "https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122" }, { "reference_url": "https://www.exploit-db.com/exploits/40086", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40086" }, { "reference_url": "https://www.exploit-db.com/exploits/40086/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/40086/" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "http://www.securityfocus.com/bid/83725", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/83725" }, { "reference_url": "http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054", "reference_id": "1310054", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310054" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb", "reference_id": "CVE-2016-2098", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098", "reference_id": "CVE-2016-2098", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2098" }, { "reference_url": "https://github.com/advisories/GHSA-78rc-8c29-p45g", "reference_id": "GHSA-78rc-8c29-p45g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-78rc-8c29-p45g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937476?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2098", "GHSA-78rc-8c29-p45g" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ah-tf63-a7cw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8463?format=api", "vulnerability_id": "VCID-sb9g-rdnm-rqbm", "summary": "SQL Injection in Active Record\nSQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2014/07/02/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2014/07/02/5" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0876.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81336", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81315", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81351", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81282", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81252", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.8131", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01531", "scoring_system": "epss", "scoring_elements": "0.81261", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483" }, { "reference_url": "http://secunia.com/advisories/59973", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59973" }, { "reference_url": "http://secunia.com/advisories/60214", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60214" }, { "reference_url": "http://secunia.com/advisories/60763", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60763" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2982", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2982" }, { "reference_url": "http://www.securityfocus.com/bid/68343", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/68343" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425", "reference_id": "1114425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1114425" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482", "reference_id": "CVE-2014-3482", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3482" }, { "reference_url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm", "reference_id": "GHSA-mhwp-qhpc-h3jm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhwp-qhpc-h3jm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0876", "reference_id": "RHSA-2014:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937471?format=api", "purl": "pkg:deb/debian/rails@2:4.1.4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3482", "GHSA-mhwp-qhpc-h3jm", "OSV-108664" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sb9g-rdnm-rqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11785?format=api", "vulnerability_id": "VCID-sfyc-jewr-wuf5", "summary": "Possible ReDoS vulnerability in HTTP Token authentication in Action Controller\nThere is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.\n\nImpact\n------\n\nFor applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers on Ruby 3.2 are unaffected by this issue.\n\n\nCredits\n-------\nThanks to [scyoon](https://hackerone.com/scyoon) for reporting", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5297", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52876", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52932", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52948", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52964", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52914", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5292", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.5287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.52901", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47887" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034", "reference_id": "2319034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319034" }, { "reference_url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049", "reference_id": "56b2fc3302836405b496e196a8d5fc0195e55049", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049" }, { "reference_url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a", "reference_id": "7c1398854d51f9bb193fb79f226647351133d08a", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a" }, { "reference_url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_id": "8e057db25bff1dc7a98e9ae72e0083825b9ac545", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887", "reference_id": "CVE-2024-47887", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47887" }, { "reference_url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_id": "f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/" } ], "url": "https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2" }, { "reference_url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4", "reference_id": "GHSA-vfg9-r3fq-jvx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vfg9-r3fq-jvx4" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47887", "GHSA-vfg9-r3fq-jvx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyc-jewr-wuf5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11925?format=api", "vulnerability_id": "VCID-sgdb-985e-4uej", "summary": "Possible ReDoS vulnerability in query parameter filtering in Action Dispatch\nThere is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.\n\nImpact\n------\n\nCarefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers on Ruby 3.2 are unaffected by this issue.\n\n\nCredits\n-------\n\nThanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://access.redhat.com/security/cve/cve-2024-41128" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69624", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69608", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69557", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69562", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69578", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69657", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69618", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00605", "scoring_system": "epss", "scoring_elements": "0.69647", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41128" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319036" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075" }, { "reference_url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef" }, { "reference_url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891" }, { "reference_url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41128" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj", "reference_id": "GHSA-x76w-6vjr-8xgj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x76w-6vjr-8xgj" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-41128", "GHSA-x76w-6vjr-8xgj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdb-985e-4uej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16096?format=api", "vulnerability_id": "VCID-sygb-mygd-s3gb", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.8515", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.85129", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.85132", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.85134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.8512", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.85113", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.85091", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.8507", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02421", "scoring_system": "epss", "scoring_elements": "0.85087", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-44566" }, { "reference_url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/" } ], "url": "https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf" }, { "reference_url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.7.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.7.1" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid" }, { "reference_url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15" }, { "reference_url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789", "reference_id": "2164789", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164789" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566", "reference_id": "CVE-2022-44566", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44566" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml", "reference_id": "CVE-2022-44566.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml" }, { "reference_url": "https://github.com/advisories/GHSA-579w-22j4-4749", "reference_id": "GHSA-579w-22j4-4749", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-579w-22j4-4749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-44566", "GHSA-579w-22j4-4749", "GMS-2023-59" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sygb-mygd-s3gb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6764?format=api", "vulnerability_id": "VCID-sz4r-kjse-cbdd", "summary": "Remote attacker can conduct SQL injection attacks\nRuby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker to more easily conduct SQL injection attacks.", "references": [ { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts" }, { "reference_url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/01/03/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/01/03/12" }, { "reference_url": "http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60606", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60519", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60546", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60515", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60563", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.6058", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60601", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60586", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60565", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00397", "scoring_system": "epss", "scoring_elements": "0.60444", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6497" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497" }, { "reference_url": "https://github.com/binarylogic/authlogic", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/binarylogic/authlogic" }, { "reference_url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873" }, { "reference_url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee" }, { "reference_url": "https://github.com/binarylogic/authlogic/pull/341", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/binarylogic/authlogic/pull/341" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6497", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6497" }, { "reference_url": "https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084" }, { "reference_url": "https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html" }, { "reference_url": "http://www.securityfocus.com/bid/57084", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57084" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-rx7j-mw4c-76g9", "reference_id": "GHSA-rx7j-mw4c-76g9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rx7j-mw4c-76g9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-6497", "GHSA-rx7j-mw4c-76g9", "OSV-89064" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sz4r-kjse-cbdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8435?format=api", "vulnerability_id": "VCID-t2cx-7ycd-tqhq", "summary": "activesupport Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2015/06/16/17", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2015/06/16/17" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43761", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4366", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43741", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43728", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43748", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43699", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU" }, { "reference_url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ" }, { "reference_url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231" }, { "reference_url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232310", "reference_id": "1232310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1232310" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486", "reference_id": "790486", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226", "reference_id": "CVE-2015-3226", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226" }, { "reference_url": "https://github.com/advisories/GHSA-vxvp-4xwc-jpp6", "reference_id": "GHSA-vxvp-4xwc-jpp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vxvp-4xwc-jpp6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937474?format=api", "purl": "pkg:deb/debian/rails@2:4.2.4-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.4-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-3226", "GHSA-vxvp-4xwc-jpp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2cx-7ycd-tqhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33875?format=api", "vulnerability_id": "VCID-t684-yp58-hkg8", "summary": "ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore\nIn ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when\nuntrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result\nfrom the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:\n\n```\ndata = cache.fetch(\"demo\", raw: true) { untrusted_string }\n```\nVersions Affected: rails < 5.2.5, rails < 6.0.4\nNot affected: Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n \nImpact\n------\nUnmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,\nthis vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever\nthey are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both\nreading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,\ndetect if data was serialized using the raw option upon deserialization.\n\nWorkarounds\n-----------\nIt is recommended that application developers apply the suggested patch or upgrade to the latest release as\nsoon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using\nthe `raw` argument should be double-checked to ensure that they conform to the expected format.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99588", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99589", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99584", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99585", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99586", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90128", "scoring_system": "epss", "scoring_elements": "0.99587", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c" }, { "reference_url": "https://hackerone.com/reports/413388", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/413388" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8165", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8165" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20250509-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20250509-0002" }, { "reference_url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2020/dsa-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843072", "reference_id": "1843072", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1843072" }, { "reference_url": "https://github.com/advisories/GHSA-2p68-f74v-9wc6", "reference_id": "GHSA-2p68-f74v-9wc6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2p68-f74v-9wc6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1313", "reference_id": "RHSA-2021:1313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937482?format=api", "purl": "pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8165", "GHSA-2p68-f74v-9wc6" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t684-yp58-hkg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16111?format=api", "vulnerability_id": "VCID-t9yh-ss8z-e3cb", "summary": "Duplicate\nThis advisory duplicates another.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.9124", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.91216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.91213", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.91206", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.91179", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.91186", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.9117", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06659", "scoring_system": "epss", "scoring_elements": "0.912", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v7.0.4.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v7.0.4.1" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240202-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240202-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20240202-0008/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5372", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050", "reference_id": "1030050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164785", "reference_id": "2164785", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164785" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794", "reference_id": "CVE-2023-22794", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22794" }, { "reference_url": "https://github.com/advisories/GHSA-hq7p-j377-6v63", "reference_id": "GHSA-hq7p-j377-6v63", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hq7p-j377-6v63" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6818", "reference_id": "RHSA-2023:6818", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6818" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937488?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937492?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2023-22794", "GHSA-hq7p-j377-6v63", "GMS-2023-60" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9yh-ss8z-e3cb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7296?format=api", "vulnerability_id": "VCID-thx6-usb2-kkgc", "summary": "Nested attributes rejection proc bypass\nWhen using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79007", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78933", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78939", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78967", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78951", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78975", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78981", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.79005", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.7899", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01209", "scoring_system": "epss", "scoring_elements": "0.78979", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7577" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/10" }, { "reference_url": "http://www.securityfocus.com/bid/81806", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81806" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957", "reference_id": "1301957", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301957" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447", "reference_id": "GHSA-xrr6-3pc4-m447", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr6-3pc4-m447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937475?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-7577", "GHSA-xrr6-3pc4-m447" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-thx6-usb2-kkgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34017?format=api", "vulnerability_id": "VCID-up42-s1t8-eqa1", "summary": "Information disclosure issue in Active Resource\nThere is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52081", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52157", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52116", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52131", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52148", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52096", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.521", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52006", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52054", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52046", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8151" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/activeresource", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/activeresource" }, { "reference_url": "https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e" }, { "reference_url": "https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8151", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8151" }, { "reference_url": "https://github.com/advisories/GHSA-46j2-xjgp-jrfm", "reference_id": "GHSA-46j2-xjgp-jrfm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-46j2-xjgp-jrfm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8151", "GHSA-46j2-xjgp-jrfm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-up42-s1t8-eqa1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6798?format=api", "vulnerability_id": "VCID-uudj-r63z-kban", "summary": "XML Parsing Vulnerability affecting JRuby users\nThere is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72196", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.7211", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72116", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72136", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72114", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.7215", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72162", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72184", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00707", "scoring_system": "epss", "scoring_elements": "0.72155", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1856" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1856", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1856" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856", "reference_id": "", "reference_type": "", "scores": [], "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/03/18/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/03/18/4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-9c2j-593q-3g82", "reference_id": "GHSA-9c2j-593q-3g82", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c2j-593q-3g82" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1856", "GHSA-9c2j-593q-3g82", "OSV-91451" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uudj-r63z-kban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7299?format=api", "vulnerability_id": "VCID-v3r3-bwp5-a3bn", "summary": "Path Traversal\nThe Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0296.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91051", "scoring_system": "epss", "scoring_elements": "0.99639", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91051", "scoring_system": "epss", "scoring_elements": "0.99637", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91051", "scoring_system": "epss", "scoring_elements": "0.9964", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.91051", "scoring_system": "epss", "scoring_elements": "0.99641", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.91051", "scoring_system": "epss", "scoring_elements": "0.99638", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00" }, { "reference_url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ" }, { "reference_url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801" }, { "reference_url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752" }, { "reference_url": "https://www.exploit-db.com/exploits/40561", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/40561" }, { "reference_url": "https://www.exploit-db.com/exploits/40561/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "https://www.exploit-db.com/exploits/40561/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3464", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.debian.org/security/2016/dsa-3464" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/01/25/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2016/01/25/13" }, { "reference_url": "http://www.securityfocus.com/bid/81801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securityfocus.com/bid/81801" }, { "reference_url": "http://www.securitytracker.com/id/1034816", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/" } ], "url": "http://www.securitytracker.com/id/1034816" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963", "reference_id": "1301963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1301963" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb", "reference_id": "CVE-2016-0752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752", "reference_id": "CVE-2016-0752", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0752" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml", "reference_id": "CVE-2016-0752.YML", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml" }, { "reference_url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7", "reference_id": "GHSA-xrr4-p6fq-hjg7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xrr4-p6fq-hjg7" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0296", "reference_id": "RHSA-2016:0296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937475?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-0752", "GHSA-xrr4-p6fq-hjg7" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v3r3-bwp5-a3bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33415?format=api", "vulnerability_id": "VCID-v9mt-t1pb-hybk", "summary": "Cross site scripting vulnerability in ActionView\nThere is a possible cross site scripting (XSS) vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks.\n\n### Impact\n\nThere is a possible XSS vulnerability in the `j` and `escape_javascript` methods in ActionView. These methods are used for escaping JavaScript string literals. Impacted code will look something like this:\n\n```erb\n<script>let a = `<%= j unknown_input %>`</script>\n```\n\nor\n\n```erb\n<script>let a = `<%= escape_javascript unknown_input %>`</script>\n```\n\n### Releases\n\nThe 6.0.2.2 and 5.2.4.2 releases are available at the normal locations.\n\n### Workarounds\n\nFor those that can't upgrade, the following monkey patch may be used:\n\n```ruby\nActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(\n {\n \"`\" => \"\\\\`\",\n \"$\" => \"\\\\$\"\n }\n)\n\nmodule ActionView::Helpers::JavaScriptHelper\n alias :old_ej :escape_javascript\n alias :old_j :j\n\n def escape_javascript(javascript)\n javascript = javascript.to_s\n if javascript.empty?\n result = \"\"\n else\n result = javascript.gsub(/(\\\\|<\\/|\\r\\n|\\342\\200\\250|\\342\\200\\251|[\\n\\r\"']|[`]|[$])/u, JS_ESCAPE_MAP)\n end\n javascript.html_safe? ? result.html_safe : result\n end\n\n alias :j :escape_javascript\nend\n```\n\n### Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. They are in git-am format and consist of a\nsingle changeset.\n\n* [5-2-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-5-2-js-helper-xss-patch) - Patch for 5.2 series\n* [6-0-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-6-0-js-helper-xss-patch) - Patch for 6.0 series\n\nPlease note that only the 5.2 and 6.0 series are supported at present. Users\nof earlier unsupported releases are advised to upgrade as soon as possible as we\ncannot guarantee the continued availability of security fixes for unsupported\nreleases.\n\n### Credits\n\nThanks to Jesse Campos from Chef Secure", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75441", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75504", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75461", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75472", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75493", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75406", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75474", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75465", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00887", "scoring_system": "epss", "scoring_elements": "0.75422", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-5267" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5267", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:P/A:N" }, { "value": "4.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5267" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/03/19/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/03/19/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831528", "reference_id": "1831528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304", "reference_id": "954304", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:actionview:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:actionview:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:actionview:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-65cv-r6x7-79hv", "reference_id": "GHSA-65cv-r6x7-79hv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65cv-r6x7-79hv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4366", "reference_id": "RHSA-2020:4366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937481?format=api", "purl": "pkg:deb/debian/rails@2:5.2.4.1%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.1%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-5267", "GHSA-65cv-r6x7-79hv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9mt-t1pb-hybk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6718?format=api", "vulnerability_id": "VCID-va9q-fjn6-yqee", "summary": "Direct Manipulation XSS\nRuby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59347", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59266", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59316", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59348", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59332", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59314", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59204", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59278", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00377", "scoring_system": "epss", "scoring_elements": "0.59302", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098" }, { "reference_url": "https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1098", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1098" }, { "reference_url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/02/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/02/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/03/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/03/1" }, { "reference_url": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g", "reference_id": "GHSA-qv8p-v9qw-wc7g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qv8p-v9qw-wc7g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937469?format=api", "purl": "pkg:deb/debian/rails@2.3.14?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2012-1098", "GHSA-qv8p-v9qw-wc7g", "OSV-79726" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-va9q-fjn6-yqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8422?format=api", "vulnerability_id": "VCID-vgm2-8wjy-x7ed", "summary": "Improper Input Validation\nRuby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.9359", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93535", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93544", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93552", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93561", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93564", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.9357", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11409", "scoring_system": "epss", "scoring_elements": "0.93571", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-7248" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=544329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248" }, { "reference_url": "http://secunia.com/advisories/36600", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/36600" }, { "reference_url": "http://secunia.com/advisories/38915", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/38915" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a" }, { "reference_url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en" }, { "reference_url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup" }, { "reference_url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/" }, { "reference_url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/28/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/12/02/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/12/02/2" }, { "reference_url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2009/2544", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2009/2544" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685", "reference_id": "558685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2008-7248", "reference_id": "CVE-2008-7248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2008-7248" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248", "reference_id": "CVE-2008-7248", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-7248" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt" }, { "reference_url": "https://www.securityfocus.com/bid/37322/info", "reference_id": "CVE-2008-7248;OSVDB-61124", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/37322/info" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml", "reference_id": "CVE-2008-7248.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml" }, { "reference_url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm", "reference_id": "GHSA-8fqx-7pv4-3jwm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fqx-7pv4-3jwm" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937464?format=api", "purl": "pkg:deb/debian/rails@2.2.3-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-7248", "GHSA-8fqx-7pv4-3jwm" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgm2-8wjy-x7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47410?format=api", "vulnerability_id": "VCID-wg3a-j2dp-ayh4", "summary": "Possible DoS Vulnerability in Action Controller Token Authentication\nThere is a possible DoS vulnerability in the Token Authentication logic in Action Controller.\n\nVersions Affected: >= 4.0.0\nNot affected: < 4.0.0\nFixed Versions: 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6\n\nImpact\n------\nImpacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication. Impacted code will look something like this:\n\n```\nclass PostsController < ApplicationController\n before_action :authenticate\n\n private\n\n def authenticate\n authenticate_or_request_with_http_token do |token, options|\n # ...\n end\n end\nend\n```\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch placed in an initializer can be used to work around the issue:\n\n```ruby\nmodule ActionController::HttpAuthentication::Token\n AUTHN_PAIR_DELIMITERS = /(?:,|;|\\t)/\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 5-2-http-authentication-dos.patch - Patch for 5.2 series\n* 6-0-http-authentication-dos.patch - Patch for 6.0 series\n* 6-1-http-authentication-dos.patch - Patch for 6.1 series\n\nPlease note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\nThank you to https://hackerone.com/wonda_tea_coffee for reporting this issue!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92022", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92007", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92004", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.92", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91987", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91966", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07856", "scoring_system": "epss", "scoring_elements": "0.91974", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22904" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.4.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.4.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v5.2.6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v5.2.6" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ" }, { "reference_url": "https://hackerone.com/reports/1101125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1101125" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22904" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0009" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0009/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210805-0009/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379", "reference_id": "1961379", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961379" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-1920", "reference_id": "AVG-1920", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1920" }, { "reference_url": "https://security.archlinux.org/AVG-1921", "reference_id": "AVG-1921", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1921" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584", "reference_id": "GHSA-7wjx-3g7j-8584", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wjx-3g7j-8584" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937486?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22904", "GHSA-7wjx-3g7j-8584" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg3a-j2dp-ayh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8416?format=api", "vulnerability_id": "VCID-wgr4-rzk2-4yet", "summary": "Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to \"URL-based sessions.\"", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=195315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195315" }, { "reference_url": "http://docs.info.apple.com/article.html?artnum=307179", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.info.apple.com/article.html?artnum=307179" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90508", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90563", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90545", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90504", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90552", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90543", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90537", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90524", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05845", "scoring_system": "epss", "scoring_elements": "0.90518", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380" }, { "reference_url": "http://secunia.com/advisories/27657", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27657" }, { "reference_url": "http://secunia.com/advisories/27965", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27965" }, { "reference_url": "http://secunia.com/advisories/28136", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/28136" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-17.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200711-17.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2007_25_sr.html" }, { "reference_url": "http://www.securityfocus.com/bid/26096", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/26096" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/3508", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/3508" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/4238", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/4238" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5380", "reference_id": "CVE-2007-5380", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5380" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml", "reference_id": "CVE-2007-5380.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jwhv-rgqc-fqj5", "reference_id": "GHSA-jwhv-rgqc-fqj5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwhv-rgqc-fqj5" }, { "reference_url": "https://security.gentoo.org/glsa/200711-17", "reference_id": "GLSA-200711-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-17" }, { "reference_url": "https://security.gentoo.org/glsa/200912-02", "reference_id": "GLSA-200912-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-02" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937460?format=api", "purl": "pkg:deb/debian/rails@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-5380", "GHSA-jwhv-rgqc-fqj5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgr4-rzk2-4yet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8418?format=api", "vulnerability_id": "VCID-wyqh-g8df-hkay", "summary": "rails is vulnerable to CRLF injection\nCRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.", "references": [ { "reference_url": "http://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails" }, { "reference_url": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38214", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38187", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38195", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38201", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38245", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38268", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00169", "scoring_system": "epss", "scoring_elements": "0.38137", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189" }, { "reference_url": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing" }, { "reference_url": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk" }, { "reference_url": "http://www.securityfocus.com/bid/32359", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/32359" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=472510", "reference_id": "472510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=472510" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5189", "reference_id": "CVE-2008-5189", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5189" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml", "reference_id": "CVE-2008-5189.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml" }, { "reference_url": "https://github.com/advisories/GHSA-jmgf-p46x-982h", "reference_id": "GHSA-jmgf-p46x-982h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmgf-p46x-982h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937463?format=api", "purl": "pkg:deb/debian/rails@2.1.0-6?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-6%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2008-5189", "GHSA-jmgf-p46x-982h" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyqh-g8df-hkay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48826?format=api", "vulnerability_id": "VCID-wyy6-h8bq-vyde", "summary": "Denial of Service in Action Dispatch\nImpact\n------\nThere is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nThe following monkey patch placed in an initializer can be used to work around the issue.\n\n```ruby\nmodule Mime\n class Type\n MIME_REGEXP = /\\A(?:\\*\\/\\*|#{MIME_NAME}\\/(?:\\*|#{MIME_NAME})(?>\\s*#{MIME_PARAMETER}\\s*)*)\\z/\n end\nend\n```\n\nPatches\n-------\nTo aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* 6-0-Prevent-catastrophic-backtracking-during-mime-parsin.patch - Patch for 6.0 series\n* 6-1-Prevent-catastrophic-backtracking-during-mime-parsin.patch - Patch for 6.1 series\n\nPlease note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n\nCredits\n-------\n\nThanks to Security Curious <security...@pm.me> for reporting this!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77701", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77664", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77665", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77681", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77655", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77649", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77605", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77621", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77639", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01063", "scoring_system": "epss", "scoring_elements": "0.77612", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902" }, { "reference_url": "https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.0.3.7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.0.3.7" }, { "reference_url": "https://github.com/rails/rails/releases/tag/v6.1.3.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/releases/tag/v6.1.3.2" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c" }, { "reference_url": "https://hackerone.com/reports/1138654", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/1138654" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22902", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22902" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961382", "reference_id": "1961382", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961382" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214", "reference_id": "988214", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214" }, { "reference_url": "https://security.archlinux.org/AVG-2090", "reference_id": "AVG-2090", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2090" }, { "reference_url": "https://security.archlinux.org/AVG-2223", "reference_id": "AVG-2223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2223" }, { "reference_url": "https://github.com/advisories/GHSA-g8ww-46x2-2p65", "reference_id": "GHSA-g8ww-46x2-2p65", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g8ww-46x2-2p65" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4702", "reference_id": "RHSA-2021:4702", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4702" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937486?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-22902", "GHSA-g8ww-46x2-2p65" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wyy6-h8bq-vyde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6799?format=api", "vulnerability_id": "VCID-xa94-z6yu-skf8", "summary": "Symbol DoS vulnerability in Active Record\nWhen a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.", "references": [ { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0699.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1863.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0699" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1863", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1863" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-1854" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82726", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.828", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82761", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82766", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82771", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82755", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82697", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82748", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01795", "scoring_system": "epss", "scoring_elements": "0.82713", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1854" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=921329" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml" }, { "reference_url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE" }, { "reference_url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1854" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-3crr-9vmg-864v", "reference_id": "GHSA-3crr-9vmg-864v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3crr-9vmg-864v" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937470?format=api", "purl": "pkg:deb/debian/rails@2.3.14.1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2013-1854", "GHSA-3crr-9vmg-864v", "OSV-91453" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xa94-z6yu-skf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8467?format=api", "vulnerability_id": "VCID-xqzj-cww4-nbcy", "summary": "Moderate severity vulnerability that affects rails\nCross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.", "references": [ { "reference_url": "http://bugs.gentoo.org/show_bug.cgi?id=195315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195315" }, { "reference_url": "http://dev.rubyonrails.org/ticket/8371", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://dev.rubyonrails.org/ticket/8371" }, { "reference_url": "http://osvdb.org/36378", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/36378" }, { "reference_url": "http://pastie.caboo.se/65550.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://pastie.caboo.se/65550.txt" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94261", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94247", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94246", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94242", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94238", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94229", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94227", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13632", "scoring_system": "epss", "scoring_elements": "0.94205", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227" }, { "reference_url": "http://secunia.com/advisories/25699", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/25699" }, { "reference_url": "http://secunia.com/advisories/27657", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27657" }, { "reference_url": "http://secunia.com/advisories/27756", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/27756" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200711-17.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200711-17.xml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release" }, { "reference_url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release" }, { "reference_url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.novell.com/linux/security/advisories/2007_24_sr.html" }, { "reference_url": "http://www.securityfocus.com/bid/24161", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/24161" }, { "reference_url": "http://www.vupen.com/english/advisories/2007/2216", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vupen.com/english/advisories/2007/2216" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177", "reference_id": "429177", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3227", "reference_id": "CVE-2007-3227", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3227" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt", "reference_id": "CVE-2007-3227;OSVDB-36378", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt" }, { "reference_url": "https://www.securityfocus.com/bid/24161/info", "reference_id": "CVE-2007-3227;OSVDB-36378", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/24161/info" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml", "reference_id": "CVE-2007-3227.YML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml" }, { "reference_url": "https://github.com/advisories/GHSA-gm25-fpmr-43fj", "reference_id": "GHSA-gm25-fpmr-43fj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gm25-fpmr-43fj" }, { "reference_url": "https://security.gentoo.org/glsa/200711-17", "reference_id": "GLSA-200711-17", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-17" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937460?format=api", "purl": "pkg:deb/debian/rails@1.2.5-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2007-3227", "GHSA-gm25-fpmr-43fj", "OSV-36378" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xqzj-cww4-nbcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13873?format=api", "vulnerability_id": "VCID-xxbb-7e3n-9yb3", "summary": "Cross site scripting in actionpack Rubygem\nA cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1497", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5576", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55722", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5574", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55759", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.5575", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55696", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55584", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00328", "scoring_system": "epss", "scoring_elements": "0.55718", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1497" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG" }, { "reference_url": "https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d" }, { "reference_url": "https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2011/04/06/13", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2011/04/06/13" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015262", "reference_id": "2015262", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015262" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1497", "reference_id": "CVE-2011-1497", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-1497" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml", "reference_id": "CVE-2011-1497.YML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml" }, { "reference_url": "https://github.com/advisories/GHSA-q58j-fmvf-9rq6", "reference_id": "GHSA-q58j-fmvf-9rq6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q58j-fmvf-9rq6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-1497", "GHSA-q58j-fmvf-9rq6" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxbb-7e3n-9yb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8459?format=api", "vulnerability_id": "VCID-y54w-a8kr-suhy", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nRuby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.", "references": [ { "reference_url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71795", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71712", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71738", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7175", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71762", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7177", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.71752", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0448" }, { "reference_url": "http://secunia.com/advisories/43278", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/43278" }, { "reference_url": "http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://securitytracker.com/id?1025063" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml" }, { "reference_url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063" }, { "reference_url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4" }, { "reference_url": "http://www.vupen.com/english/advisories/2011/0877", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vupen.com/english/advisories/2011/0877" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448", "reference_id": "CVE-2011-0448", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0448" }, { "reference_url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w", "reference_id": "GHSA-jmm9-2p29-vh2w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jmm9-2p29-vh2w" }, { "reference_url": "https://security.gentoo.org/glsa/201412-28", "reference_id": "GLSA-201412-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937467?format=api", "purl": "pkg:deb/debian/rails@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2011-0448", "GHSA-jmm9-2p29-vh2w" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y54w-a8kr-suhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12069?format=api", "vulnerability_id": "VCID-yy6t-ybeu-qycc", "summary": "Possible ReDoS vulnerability in block_format in Action Mailer\nThere is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.\n\nImpact\n------\n\nCarefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.\n\nRuby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.\n\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nUsers can avoid calling the `block_format` helper or upgrade to Ruby 3.2\n\nCredits\n-------\n\nThanks to yuki_osaki for the report!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47889", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57094", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.5709", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57111", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57099", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57046", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00344", "scoring_system": "epss", "scoring_elements": "0.57069", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47889" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml" }, { "reference_url": "https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94", "reference_id": "0e5694f4d32544532d2301a9b4084eacb6986e94", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376", "reference_id": "1085376", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319033", "reference_id": "2319033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319033" }, { "reference_url": "https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3", "reference_id": "3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3" }, { "reference_url": "https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9", "reference_id": "985f1923fa62806ff676e41de67c3b4552131ab9", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9" }, { "reference_url": "https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e", "reference_id": "be898cc996986decfe238341d96b2a6573b8fd2e", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/" } ], "url": "https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47889", "reference_id": "CVE-2024-47889", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47889" }, { "reference_url": "https://github.com/advisories/GHSA-h47h-mwp9-c6q6", "reference_id": "GHSA-h47h-mwp9-c6q6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h47h-mwp9-c6q6" }, { "reference_url": "https://usn.ubuntu.com/7290-1/", "reference_id": "USN-7290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937493?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937494?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937495?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47889", "GHSA-h47h-mwp9-c6q6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy6t-ybeu-qycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27443?format=api", "vulnerability_id": "VCID-yzpx-3gam-y3bu", "summary": "Active Storage allowed transformation methods that were potentially unsafe\nActive Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default.\n\nThe default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters.\n\nThis has been assigned the CVE identifier CVE-2025-24293.\n\n\nVersions Affected: >= 5.2.0\nNot affected: < 5.2.0\nFixed Versions: 7.1.5.2, 7.2.2.2, 8.0.2.1\n\nImpact\n------\nThis vulnerability impacts applications that use Active Storage with the image_processing processing gem in addition to mini_magick as the image processor.\n\nVulnerable code will look something similar to this:\n\n```\n<%= image_tag blob.variant(params[:t] => params[:v]) %>\n```\n\nWhere the transformation method or its arguments are untrusted arbitrary input.\n\nAll users running an affected release should either upgrade or use one of the workarounds immediately.\n\nReleases\n--------\nThe fixed releases are available at the normal locations.\n\nWorkarounds\n-----------\nConsuming user supplied input for image transformation methods or their parameters is unsupported behavior and should be considered dangerous.\n\nStrict validation of user supplied methods and parameters should be performed as well as having a strong [ImageMagick security policy](https://imagemagick.org/script/security-policy.php) deployed.\n\nCredits\n-------\n\nThank you [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42056", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42119", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.002", "scoring_system": "epss", "scoring_elements": "0.42091", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43312", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43361", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43316", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43347", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00209", "scoring_system": "epss", "scoring_elements": "0.43327", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24293" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-r4mg-4433-c7g3", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-02T14:45:32Z/" } ], "url": "https://github.com/advisories/GHSA-r4mg-4433-c7g3" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354" }, { "reference_url": "https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce" }, { "reference_url": "https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24293", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24293" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435565", "reference_id": "2435565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435565" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937496?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937497?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24293", "GHSA-r4mg-4433-c7g3" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yzpx-3gam-y3bu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7339?format=api", "vulnerability_id": "VCID-z1jv-4ga2-7kd1", "summary": "Possible Information Leak Vulnerability\nApplications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83281", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83257", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83242", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83226", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83295", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83299", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83305", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.8329", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01912", "scoring_system": "epss", "scoring_elements": "0.83331", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4" }, { "reference_url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4" }, { "reference_url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726" }, { "reference_url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released" }, { "reference_url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3509", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2016/dsa-3509" }, { "reference_url": "http://www.securityfocus.com/bid/83726", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/83726" }, { "reference_url": "http://www.securitytracker.com/id/1035122", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1035122" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043", "reference_id": "1310043", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310043" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097", "reference_id": "CVE-2016-2097", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2097" }, { "reference_url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8", "reference_id": "GHSA-vx9j-46rh-fqr8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vx9j-46rh-fqr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0454", "reference_id": "RHSA-2016:0454", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0454" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0455", "reference_id": "RHSA-2016:0455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0456", "reference_id": "RHSA-2016:0456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0456" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937476?format=api", "purl": "pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-2097", "GHSA-vx9j-46rh-fqr8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jv-4ga2-7kd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7028?format=api", "vulnerability_id": "VCID-zkvd-bfd6-t7dg", "summary": "Arbitrary file existence disclosure\nSpecially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44858", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44834", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44822", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44762", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44815", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44817", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44803", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44721", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44801", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818" }, { "reference_url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29gr-w57f-rpfw" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml" }, { "reference_url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7818" }, { "reference_url": "https://puppet.com/security/cve/cve-2014-7829", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://puppet.com/security/cve/cve-2014-7829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499", "reference_id": "1161499", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1161499" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934", "reference_id": "770934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937473?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-7818", "GHSA-29gr-w57f-rpfw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zkvd-bfd6-t7dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/27910?format=api", "vulnerability_id": "VCID-zqzx-avvt-wkhm", "summary": "Active Record logging vulnerable to ANSI escape injection\nThis vulnerability has been assigned the CVE identifier CVE-2025-55193\n\n### Impact\nThe ID passed to `find` or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences.\n\n### Releases\nThe fixed releases are available at the normal locations.\n\n### Credits\n\nThanks to [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3337", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33335", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33358", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.334", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33396", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33475", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33444", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33363", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rails/rails", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rails/rails" }, { "reference_url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290" }, { "reference_url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b" }, { "reference_url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202" }, { "reference_url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:42:07Z/" } ], "url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2025-55193.yml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106", "reference_id": "1111106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111106" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446", "reference_id": "2388446", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388446" }, { "reference_url": "https://github.com/advisories/GHSA-76r7-hhxj-r776", "reference_id": "GHSA-76r7-hhxj-r776", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-76r7-hhxj-r776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937496?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937497?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-55193", "GHSA-76r7-hhxj-r776" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqzx-avvt-wkhm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35384?format=api", "vulnerability_id": "VCID-zy7d-3db6-sydw", "summary": "Cross-site scripting in actionpack\nIn actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.\n\nWorkarounds\n-----------\nUntil such time as the patch can be applied, application developers should disable the Actionable Exceptions middleware in their development environment via a line such as this one in their config/environment/development.rb: `config.middleware.delete ActionDispatch::ActionableExceptions`", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8264.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57186", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57206", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57225", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5716", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57183", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57159", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57213", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57211", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8264" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8264" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8264.yml" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk" }, { "reference_url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ" }, { "reference_url": "https://hackerone.com/reports/904059", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hackerone.com/reports/904059" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8264", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8264" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886554", "reference_id": "1886554", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886554" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988", "reference_id": "971988", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971988" }, { "reference_url": "https://github.com/advisories/GHSA-35mm-cc6r-8fjp", "reference_id": "GHSA-35mm-cc6r-8fjp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-35mm-cc6r-8fjp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937484?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.4%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.4%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-8264", "GHSA-35mm-cc6r-8fjp" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zy7d-3db6-sydw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10496?format=api", "vulnerability_id": "VCID-zydu-j9dg-fqdb", "summary": "Improper Input Validation\nA remote code execution vulnerability in development mode Rails can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.99853", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.9985", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.99851", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.99852", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "https://www.exploit-db.com/exploits/46785", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46785" }, { "reference_url": "https://www.exploit-db.com/exploits/46785/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46785/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689154", "reference_id": "1689154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521", "reference_id": "924521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb", "reference_id": "CVE-2019-5420", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420", "reference_id": "CVE-2019-5420", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb", "reference_id": "CVE-2019-5420", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb" }, { "reference_url": "https://github.com/advisories/GHSA-m42h-mh85-4qgc", "reference_id": "GHSA-m42h-mh85-4qgc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m42h-mh85-4qgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937479?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-5420", "GHSA-m42h-mh85-4qgc" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zydu-j9dg-fqdb" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }