Package Instance

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11

reference_url

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/commit/29154f1097da13d48fdb3200760b3e3da66dcb11

reference_url

https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/commit/b54a4b373c6f042cab6ee2033246b1c9ecc38974

reference_url

https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/commit/ec1a0e215efd27a3b3911aae6df978a80f456a49

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:45:49Z/

url

https://github.com/rails/rails/security/advisories/GHSA-cg4j-q9v8-6v38

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33169

reference_id

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33169

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450556
reference_id	2450556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450556

reference_url

https://github.com/advisories/GHSA-cg4j-q9v8-6v38

reference_id

GHSA-cg4j-q9v8-6v38

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cg4j-q9v8-6v38

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33169, GHSA-cg4j-q9v8-6v38

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4tzv-1t1b-t3g3

url VCID-5tky-d2en-u7c7

vulnerability_id VCID-5tky-d2en-u7c7

summary

Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
### Impact
`SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33170

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02157
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.022
published_at	2026-04-02T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02204
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02199
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02201
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02222
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02183
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02179
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33170

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/commit/50d732af3b7c8aaf63cbcca0becbc00279b215b7

reference_url

https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/commit/6e8a81108001d58043de9e54a06fca58962fc2db

reference_url

https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/commit/c1ad0e8e1972032f3395853a5e99cea035035beb

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T19:20:16Z/

url

https://github.com/rails/rails/security/advisories/GHSA-89vf-4333-qx8v

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33170

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33170

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450543
reference_id	2450543
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450543

reference_url

https://github.com/advisories/GHSA-89vf-4333-qx8v

reference_id

GHSA-89vf-4333-qx8v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-89vf-4333-qx8v

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33170, GHSA-89vf-4333-qx8v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5tky-d2en-u7c7

url VCID-96qr-hdbp-p7ff

vulnerability_id VCID-96qr-hdbp-p7ff

summary

Rails has a possible XSS vulnerability in its Action View tag helpers
### Impact
When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that allow users to specify custom HTML attributes are affected.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33168

reference_id

reference_type

scores

value	0.00023
scoring_system	epss
scoring_elements	0.06199
published_at	2026-04-16T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06241
published_at	2026-04-13T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06251
published_at	2026-04-12T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06255
published_at	2026-04-11T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06265
published_at	2026-04-09T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06227
published_at	2026-04-08T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06185
published_at	2026-04-07T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06203
published_at	2026-04-04T12:55:00Z

value	0.00023
scoring_system	epss
scoring_elements	0.06172
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33168

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/commit/0b6f8002b52b9c606fd6be9e7915d9f944cf539c

reference_url

https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/commit/63f5ad83edaa0b976f82d46988d745426aa4a42d

reference_url

https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/commit/c79a07df1e88738df8f68cb0ee759ad6128ca924

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:36:28Z/

url

https://github.com/rails/rails/security/advisories/GHSA-v55j-83pf-r9cq

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33168

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33168

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450549
reference_id	2450549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450549

reference_url

https://github.com/advisories/GHSA-v55j-83pf-r9cq

reference_id

GHSA-v55j-83pf-r9cq

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v55j-83pf-r9cq

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33168, GHSA-v55j-83pf-r9cq

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96qr-hdbp-p7ff

url VCID-a6z9-5n6k-2kak

vulnerability_id VCID-a6z9-5n6k-2kak

summary

Rails Active Storage has possible content type bypass via metadata in direct uploads
### Impact
Active Storage's `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like `identified` and `analyzed` are stored in the same metadata hash, a malicious direct-upload client could set these flags.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33173

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02269
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02285
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02288
published_at	2026-04-12T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02303
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02318
published_at	2026-04-09T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02297
published_at	2026-04-08T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02294
published_at	2026-04-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02296
published_at	2026-04-04T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.0229
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33173

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33173
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33173

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53

reference_url

https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e

reference_url

https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:14:22Z/

url

https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33173

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33173

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450545
reference_id	2450545
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450545

reference_url

https://github.com/advisories/GHSA-qcfx-2mfw-w4cg

reference_id

GHSA-qcfx-2mfw-w4cg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qcfx-2mfw-w4cg

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33173, GHSA-qcfx-2mfw-w4cg

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6z9-5n6k-2kak

url VCID-ad6q-vtdf-syb6

vulnerability_id VCID-ad6q-vtdf-syb6

summary

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
### Impact
Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33658

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.15472
published_at	2026-04-16T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15546
published_at	2026-04-13T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15609
published_at	2026-04-12T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15644
published_at	2026-04-11T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15677
published_at	2026-04-09T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15534
published_at	2026-04-07T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.1562
published_at	2026-04-08T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15731
published_at	2026-04-04T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15667
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33658

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33658
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33658

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rails/rails/security/advisories/GHSA-p9fm-f462-ggrg

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-30T11:42:16Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33658

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33658

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451983
reference_id	2451983
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451983

reference_url

https://github.com/advisories/GHSA-p9fm-f462-ggrg

reference_id

GHSA-p9fm-f462-ggrg

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p9fm-f462-ggrg

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33658, GHSA-p9fm-f462-ggrg

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ad6q-vtdf-syb6

url VCID-hatd-vkun-13hj

vulnerability_id VCID-hatd-vkun-13hj

summary

Rails Active Storage has possible glob injection in its DiskService
### Impact
Active Storage's `DiskService#delete_prefixed` passes blob keys directly to `Dir.glob` without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage directory.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33202

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07124
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07187
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07197
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07208
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0721
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0718
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07126
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07151
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07102
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33202

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33202
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33202

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/commit/8c9676b803820110548cdb7523800db43bc6874c

reference_url

https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/commit/955284d26e469a9c026a4eee5b21f0414ab0bccf

reference_url

https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/commit/fa19073546360856e9f4dab221fc2c5d73a45e82

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T15:42:33Z/

url

https://github.com/rails/rails/security/advisories/GHSA-73f9-jhhh-hr5m

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33202

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33202

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450547
reference_id	2450547
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450547

reference_url

https://github.com/advisories/GHSA-73f9-jhhh-hr5m

reference_id

GHSA-73f9-jhhh-hr5m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-73f9-jhhh-hr5m

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33202, GHSA-73f9-jhhh-hr5m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hatd-vkun-13hj

url VCID-qxe4-dubt-1kfp

vulnerability_id VCID-qxe4-dubt-1kfp

summary

Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
### Impact
When serving files through Active Storage's `Blobs::ProxyController`, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33174

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05654
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05699
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05705
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05712
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05733
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05706
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05668
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05678
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05638
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33174

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33174
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33174

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/commit/2cd933c366b777f873d4d590127da2f4a25e4ba5

reference_url

https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/commit/42012eaaa88dfc7d0030161b2bc8074a7bbce92a

reference_url

https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/commit/8159a9c3de3f27a2bcf2866b8bf9ceb9075e229b

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T13:40:23Z/

url

https://github.com/rails/rails/security/advisories/GHSA-r46p-8f7g-vvvg

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33174

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33174

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450544
reference_id	2450544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450544

reference_url

https://github.com/advisories/GHSA-r46p-8f7g-vvvg

reference_id

GHSA-r46p-8f7g-vvvg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r46p-8f7g-vvvg

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33174, GHSA-r46p-8f7g-vvvg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxe4-dubt-1kfp

url VCID-sarm-n22v-akcm

vulnerability_id VCID-sarm-n22v-akcm

summary

Rails Active Support has a possible DoS vulnerability in its number helpers
### Impact
Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33176

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05654
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05699
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05705
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05712
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05733
published_at	2026-04-09T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05706
published_at	2026-04-08T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05668
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05678
published_at	2026-04-04T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05638
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33176

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/commit/19dbab51ca086a657bb86458042bc44314916bcb

reference_url

https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/commit/ebd6be18120d1136511eb516338e27af25ac0a1a

reference_url

https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/commit/ee2c59e730e5b8faed502cd2c573109df093f856

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:42:42Z/

url

https://github.com/rails/rails/security/advisories/GHSA-2j26-frm8-cmj9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33176

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33176

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450551
reference_id	2450551
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450551

reference_url

https://github.com/advisories/GHSA-2j26-frm8-cmj9

reference_id

GHSA-2j26-frm8-cmj9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j26-frm8-cmj9

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33176, GHSA-2j26-frm8-cmj9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sarm-n22v-akcm

url VCID-wpmk-wgpm-cuee

vulnerability_id VCID-wpmk-wgpm-cuee

summary

Rails Active Storage has possible Path Traversal in DiskService
### Impact
Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33195

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09398
published_at	2026-04-16T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09504
published_at	2026-04-13T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09521
published_at	2026-04-12T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.0955
published_at	2026-04-11T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09536
published_at	2026-04-09T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09489
published_at	2026-04-08T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09415
published_at	2026-04-07T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09502
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09454
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33195

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33195
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33195

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c

reference_url

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/commit/4933c1e3b8c1bb04925d60347be9f69270392f2c

reference_url

https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/commit/9b06fbc0f504b8afe333f33d19548f3b85fbe655

reference_url

https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/commit/a290c8a1ec189d793aa6d7f2570b6a763f675348

reference_url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/releases/tag/v7.2.3.1

reference_url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/releases/tag/v8.0.4.1

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-24T14:10:57Z/

url

https://github.com/rails/rails/security/advisories/GHSA-9xrj-h377-fr87

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33195

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33195

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035
reference_id	1132035
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132035

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450546
reference_id	2450546
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450546

reference_url

https://github.com/advisories/GHSA-9xrj-h377-fr87

reference_id

GHSA-9xrj-h377-fr87

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9xrj-h377-fr87

fixed_packages

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33195, GHSA-9xrj-h377-fr87

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wpmk-wgpm-cuee

Fixing_vulnerabilities

url VCID-12x8-jxdf-jqdz

vulnerability_id VCID-12x8-jxdf-jqdz

summary

Actionpack Open Redirect Vulnerability
The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22881.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22881

reference_id

reference_type

scores

value	0.15453
scoring_system	epss
scoring_elements	0.94619
published_at	2026-04-01T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94665
published_at	2026-04-16T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94656
published_at	2026-04-13T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94652
published_at	2026-04-11T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94648
published_at	2026-04-09T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94644
published_at	2026-04-08T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94634
published_at	2026-04-07T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94632
published_at	2026-04-04T12:55:00Z

value	0.15453
scoring_system	epss
scoring_elements	0.94626
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22881

reference_url

https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22881

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22881-possible-open-redirect-in-host-authorization-middleware/77130

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.2.1/actionpack/CHANGELOG.md

reference_url

https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/b5de7b3a4787d8a55aaad39f477c16e3af65e444

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22881.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/zN_3qA26l6E

reference_url

https://hackerone.com/reports/1047447

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1047447

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22881

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22881

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/05/05/2

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/05/05/2

reference_url

http://www.openwall.com/lists/oss-security/2021/08/20/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1930211
reference_id	1930211
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1930211

reference_url	https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/
reference_id	CVE-2021-22881-FAILLE-DE-SECURITE-DANS-LE-MIDDLEWARE-HOSTAUTHORIZATION
reference_type
scores
url	https://benjamin-bouchet.com/cve-2021-22881-faille-de-securite-dans-le-middleware-hostauthorization/

reference_url

https://github.com/advisories/GHSA-8877-prq4-9xfw

reference_id

GHSA-8877-prq4-9xfw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8877-prq4-9xfw

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.5%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22881, GHSA-8877-prq4-9xfw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12x8-jxdf-jqdz

url VCID-19fr-55kr-hyax

vulnerability_id VCID-19fr-55kr-hyax

summary

rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements
NOTE: rails-ujs is part of Rails/actionview since 5.1.0.

There is a potential DOM based cross-site scripting issue in rails-ujs
which leverages the Clipboard API to target HTML elements that are
assigned the contenteditable attribute. This has the potential to
occur when pasting malicious HTML content from the clipboard that
includes a data-method, data-remote or data-disable-with attribute.

This vulnerability has been assigned the CVE identifier CVE-2023-23913.

Not affected: < 5.1.0
Versions Affected: >= 5.1.0
Fixed Versions: 6.1.7.3, 7.0.4.3

Impact
If the specified malicious HTML clipboard content is provided to a
contenteditable element, this could result in the arbitrary execution
of javascript on the origin in question.

Releases
The FIXED releases are available at the normal locations.

Workarounds
We recommend that all users upgrade to one of the FIXED versions.
In the meantime, users can attempt to mitigate this vulnerability
by removing the contenteditable attribute from elements in pages
that rails-ujs will interact with.

Patches
To aid users who aren’t able to upgrade immediately we have provided
patches for the two supported release series. They are in git-am
format and consist of a single changeset.

* rails-ujs-data-method-contenteditable-6-1.patch - Patch for 6.1 series
* rails-ujs-data-method-contenteditable-7-0.patch - Patch for 7.0 series

Please note that only the 7.0.Z and 6.1.Z series are
supported at present, and 6.0.Z for severe vulnerabilities.

Users of earlier unsupported releases are advised to upgrade as
soon as possible as we cannot guarantee the continued availability
of security fixes for unsupported releases.

Credits
We would like to thank ryotak 15 for reporting this!

* rails-ujs-data-method-contenteditable-6-1.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-7-0.patch (8.5 KB)
* rails-ujs-data-method-contenteditable-main.patch (8.9 KB)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23913.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23913

reference_id

reference_type

scores

value	0.00115
scoring_system	epss
scoring_elements	0.30179
published_at	2026-04-13T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30226
published_at	2026-04-12T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30269
published_at	2026-04-11T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30265
published_at	2026-04-09T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3023
published_at	2026-04-08T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.3017
published_at	2026-04-07T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30353
published_at	2026-04-04T12:55:00Z

value	0.00115
scoring_system	epss
scoring_elements	0.30304
published_at	2026-04-02T12:55:00Z

value	0.00152
scoring_system	epss
scoring_elements	0.35918
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23913

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120

reference_url

https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd

reference_url

https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/73009ea59a811b28e8ec2a9c9bc24635aa891214

reference_url

https://security.netapp.com/advisory/ntap-20240605-0007

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240605-0007

reference_url

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-23913

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2182160
reference_id	2182160
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2182160

reference_url

reference_id

CVE-2023-23913

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-23913

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml

reference_id

CVE-2023-23913.YML

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2023-23913.yml

reference_url

https://github.com/advisories/GHSA-xp5h-f8jf-rc8q

reference_id

GHSA-xp5h-f8jf-rc8q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xp5h-f8jf-rc8q

reference_url

https://security.netapp.com/advisory/ntap-20240605-0007/

reference_id

ntap-20240605-0007

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:07:37Z/

url

https://security.netapp.com/advisory/ntap-20240605-0007/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-23913, GHSA-xp5h-f8jf-rc8q

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19fr-55kr-hyax

url VCID-1bxs-yghe-cyck

vulnerability_id VCID-1bxs-yghe-cyck

summary

URL Redirection to Untrusted Site ('Open Redirect')
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22942

reference_id

reference_type

scores

value	0.00533
scoring_system	epss
scoring_elements	0.67302
published_at	2026-04-01T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67412
published_at	2026-04-12T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67424
published_at	2026-04-11T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67413
published_at	2026-04-16T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67339
published_at	2026-04-07T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67378
published_at	2026-04-13T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67403
published_at	2026-04-09T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.6739
published_at	2026-04-08T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67361
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

reference_url

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0005

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0005

reference_url	https://security.netapp.com/advisory/ntap-20240202-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240202-0005/

reference_url

https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released

reference_url	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995940
reference_id	1995940
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995940

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586
reference_id	992586
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586

reference_url

https://security.archlinux.org/AVG-2492

reference_id

AVG-2492

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2492

reference_url

https://security.archlinux.org/AVG-2493

reference_id

AVG-2493

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2493

reference_url

https://access.redhat.com/security/cve/cve-2021-22942

reference_id

CVE-2021-22942

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-22942

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22942

reference_id

CVE-2021-22942

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22942

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml

reference_id

CVE-2021-22942.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml

reference_url

https://github.com/advisories/GHSA-2rqw-v265-jf8c

reference_id

GHSA-2rqw-v265-jf8c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rqw-v265-jf8c

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.1%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22942, GHSA-2rqw-v265-jf8c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxs-yghe-cyck

url VCID-1rgy-k7a9-m7au

vulnerability_id VCID-1rgy-k7a9-m7au

summary

XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_id

reference_type

scores

value	0.00399
scoring_system	epss
scoring_elements	0.60713
published_at	2026-04-16T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60541
published_at	2026-04-01T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60616
published_at	2026-04-07T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60645
published_at	2026-04-04T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60665
published_at	2026-04-08T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-09T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60705
published_at	2026-04-11T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60691
published_at	2026-04-12T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60671
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099

reference_url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.debian.org/security/2012/dsa-2466

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2466

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au

url VCID-1rxp-g9rz-4yb3

vulnerability_id VCID-1rxp-g9rz-4yb3

summary

Possible XSS Security Vulnerability in SafeBuffer#bytesplice
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input.
This vulnerability has been assigned the CVE identifier CVE-2023-28120.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.4.3, 6.1.7.3

# Impact

ActiveSupport uses the SafeBuffer string subclass to tag strings as html_safe after they have been sanitized.
When these strings are mutated, the tag is should be removed to mark them as no longer being html_safe.

Ruby 3.2 introduced a new bytesplice method which ActiveSupport does not yet understand to be a mutation.
Users on older versions of Ruby are likely unaffected.

All users running an affected release and using bytesplice should either upgrade or use one of the workarounds immediately.

# Workarounds

Avoid calling bytesplice on a SafeBuffer (html_safe) string with untrusted user input.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28120.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28120

reference_id

reference_type

scores

value	0.00395
scoring_system	epss
scoring_elements	0.60411
published_at	2026-04-16T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.6037
published_at	2026-04-13T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60389
published_at	2026-04-12T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60382
published_at	2026-04-09T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60403
published_at	2026-04-11T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60366
published_at	2026-04-08T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60317
published_at	2026-04-07T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60349
published_at	2026-04-04T12:55:00Z

value	0.00395
scoring_system	epss
scoring_elements	0.60323
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23913

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28120

reference_url

https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO

reference_url

https://security.netapp.com/advisory/ntap-20240202-0006

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0006

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28120

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262
reference_id	1033262
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033262

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179637
reference_id	2179637
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179637

reference_url

reference_id

CVE-2023-28120

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28120

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml

reference_id

CVE-2023-28120.YML

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-28120.yml

reference_url

https://github.com/advisories/GHSA-pj73-v5mw-pm9j

reference_id

GHSA-pj73-v5mw-pm9j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pj73-v5mw-pm9j

reference_url

https://security.netapp.com/advisory/ntap-20240202-0006/

reference_id

ntap-20240202-0006

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://security.netapp.com/advisory/ntap-20240202-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:1953
reference_id	RHSA-2023:1953
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1953

reference_url	https://access.redhat.com/errata/RHSA-2023:3495
reference_id	RHSA-2023:3495
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3495

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/

reference_id

UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPV6PVCX4VDJHLFFT42EXBBSGAWZICOW/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/

reference_id

ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:44:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE5W4MH6IE4DV7GELDK6ISCSTFLHKSYO/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-28120, GHSA-pj73-v5mw-pm9j, GMS-2023-765

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rxp-g9rz-4yb3

url VCID-1x8k-t8mr-3fgp

vulnerability_id VCID-1x8k-t8mr-3fgp

summary

URL Redirection to Untrusted Site ('Open Redirect')
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44528

reference_id

reference_type

scores

value	0.25125
scoring_system	epss
scoring_elements	0.96188
published_at	2026-04-16T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.9618
published_at	2026-04-13T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96178
published_at	2026-04-12T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96175
published_at	2026-04-09T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96171
published_at	2026-04-08T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.9615
published_at	2026-04-02T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96142
published_at	2026-04-01T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96161
published_at	2026-04-07T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96158
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021

reference_url

https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815

reference_url

https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml

reference_url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

reference_url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer

reference_url

https://security.netapp.com/advisory/ntap-20240208-0003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240208-0003

reference_url	https://security.netapp.com/advisory/ntap-20240208-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240208-0003/

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44528

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817
reference_id	1001817
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2034266
reference_id	2034266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2034266

reference_url

reference_id

CVE-2021-44528

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44528

reference_url

https://github.com/advisories/GHSA-qphc-hf5q-v8fc

reference_id

GHSA-qphc-hf5q-v8fc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qphc-hf5q-v8fc

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-44528, GHSA-qphc-hf5q-v8fc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1x8k-t8mr-3fgp

url VCID-1xgz-hwng-n3eq

vulnerability_id VCID-1xgz-hwng-n3eq

summary

Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

This vulnerability has been assigned the CVE identifier CVE-2020-8185.

Versions Affected:  6.0.0 < rails < 6.0.3.2
Not affected:       Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)
Fixed Versions:     rails >= 6.0.3.2

Impact
------

Using this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.

Workarounds
-----------

Until such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:

`config.middleware.delete ActionDispatch::ActionableExceptions`

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8185

reference_id

reference_type

scores

value	0.00679
scoring_system	epss
scoring_elements	0.71592
published_at	2026-04-16T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71509
published_at	2026-04-01T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71515
published_at	2026-04-02T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71532
published_at	2026-04-04T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71505
published_at	2026-04-07T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71545
published_at	2026-04-08T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71557
published_at	2026-04-09T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.7158
published_at	2026-04-11T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71564
published_at	2026-04-12T12:55:00Z

value	0.00679
scoring_system	epss
scoring_elements	0.71546
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8185

reference_url

https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0

reference_url

https://hackerone.com/reports/899069

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/899069

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8185

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8185

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1852380
reference_id	1852380
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1852380

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
reference_id	964081
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081

reference_url

https://github.com/advisories/GHSA-c6qr-h5vq-59jc

reference_id

GHSA-c6qr-h5vq-59jc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c6qr-h5vq-59jc

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8185, GHSA-c6qr-h5vq-59jc

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xgz-hwng-n3eq

url VCID-2efj-tf8d-dfck

vulnerability_id VCID-2efj-tf8d-dfck

summary

Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection.

references

reference_url

http://openwall.com/lists/oss-security/2014/08/18/10

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/08/18/10

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1102.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1102.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3514

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56096
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56035
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56086
published_at	2026-04-08T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5609
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56101
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56078
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56061
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55925
published_at	2026-04-01T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56036
published_at	2026-04-02T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56057
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514

reference_url	http://secunia.com/advisories/60347
reference_id
reference_type
scores
url	http://secunia.com/advisories/60347

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_url

https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3514

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1131240
reference_id	1131240
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1131240

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url

https://github.com/advisories/GHSA-9rf5-jm6f-2fmm

reference_id

GHSA-9rf5-jm6f-2fmm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9rf5-jm6f-2fmm

reference_url	https://access.redhat.com/errata/RHSA-2014:1102
reference_id	RHSA-2014:1102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1102

fixed_packages

url	pkg:deb/debian/rails@2:4.1.5-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3514, GHSA-9rf5-jm6f-2fmm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2efj-tf8d-dfck

url VCID-2mcx-b9k2-83bh

vulnerability_id VCID-2mcx-b9k2-83bh

summary

Ruby on Rails vulnerable to code injection
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.

references

reference_url

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.koehntopp.de/archives/1367-Ruby-On-Rails-Mandatory-Mystery-Patch.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4111

reference_id

reference_type

scores

value	0.03984
scoring_system	epss
scoring_elements	0.8842
published_at	2026-04-16T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88406
published_at	2026-04-13T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88414
published_at	2026-04-11T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88403
published_at	2026-04-09T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88397
published_at	2026-04-08T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88378
published_at	2026-04-07T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88373
published_at	2026-04-04T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.8835
published_at	2026-04-01T12:55:00Z

value	0.03984
scoring_system	epss
scoring_elements	0.88359
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4111

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4111

reference_url

https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/presidentbeef/rails-security-history/blob/master/vulnerabilities.md

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_url

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits

reference_url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id	382255
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2006-4111

reference_id

CVE-2006-4111

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2006-4111

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml

reference_id

CVE-2006-4111.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4111.yml

reference_url

https://github.com/advisories/GHSA-rvpq-5xqx-pfpp

reference_id

GHSA-rvpq-5xqx-pfpp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rvpq-5xqx-pfpp

reference_url	https://security.gentoo.org/glsa/200608-20
reference_id	GLSA-200608-20
reference_type
scores
url	https://security.gentoo.org/glsa/200608-20

fixed_packages

url	pkg:deb/debian/rails@1.1.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.1.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2006-4111, GHSA-rvpq-5xqx-pfpp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2mcx-b9k2-83bh

url VCID-31xv-z8c6-a7bg

vulnerability_id VCID-31xv-z8c6-a7bg

summary

XSS in Action View
There is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.

### Impact

When an HTML-unsafe string is passed as the default for a missing translation key [named `html` or ending in `_html`](https://guides.rubyonrails.org/i18n.html#using-safe-html-translations), the default string is incorrectly marked as HTML-safe and not escaped. Vulnerable code may look like the following examples:

```erb
<%# The welcome_html translation is not defined for the current locale: %>
<%= t("welcome_html", default: untrusted_user_controlled_string) %>

<%# Neither the title.html translation nor the missing.html translation is defined for the current locale: %>
<%= t("title.html", default: [:"missing.html", untrusted_user_controlled_string]) %>
```

### Patches

Patched Rails versions, 6.0.3.3 and 5.2.4.4, are available from the normal locations.

The patches have also been applied to the `master`, `6-0-stable`, and `5-2-stable` branches on GitHub. If you track any of these branches, you should update to the latest.

To aid users who aren’t able to upgrade immediately, we’ve provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* [5-2-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-5-2-translate-helper-xss-patch) — patch for the 5.2 release series
* [6-0-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-6-0-translate-helper-xss-patch) — patch for the 6.0 release series

Please note that only the 5.2 and 6.0 release series are currently supported. Users of earlier, unsupported releases are advised to update as soon as possible, as we cannot provide security fixes for unsupported releases.

### Workarounds

Impacted users who can’t upgrade to a patched Rails version can avoid this issue by manually escaping default translations with the `html_escape` helper (aliased as `h`):

```erb
<%= t("welcome_html", default: h(untrusted_user_controlled_string)) %>
```

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15169.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15169

reference_id

reference_type

scores

value	0.01497
scoring_system	epss
scoring_elements	0.81153
published_at	2026-04-16T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81116
published_at	2026-04-13T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81123
published_at	2026-04-12T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81136
published_at	2026-04-11T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81118
published_at	2026-04-09T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81112
published_at	2026-04-08T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81085
published_at	2026-04-07T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81061
published_at	2026-04-02T12:55:00Z

value	0.01497
scoring_system	epss
scoring_elements	0.81052
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e

reference_url

https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15169

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15169

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-cfjv-5498-mph5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1877566
reference_id	1877566
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1877566

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040
reference_id	970040
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970040

reference_url

reference_id

GHSA-cfjv-5498-mph5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cfjv-5498-mph5

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-15169, GHSA-cfjv-5498-mph5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31xv-z8c6-a7bg

url VCID-333w-aacz-mfcr

vulnerability_id VCID-333w-aacz-mfcr

summary

Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7829.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7829

reference_id

reference_type

scores

value	0.00266
scoring_system	epss
scoring_elements	0.50169
published_at	2026-04-11T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50126
published_at	2026-04-02T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50154
published_at	2026-04-04T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50104
published_at	2026-04-07T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50158
published_at	2026-04-08T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50152
published_at	2026-04-09T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50183
published_at	2026-04-16T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50139
published_at	2026-04-13T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50091
published_at	2026-04-01T12:55:00Z

value	0.00266
scoring_system	epss
scoring_elements	0.50142
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7829

reference_url

https://github.com/advisories/GHSA-h56m-vwxc-3qpw

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h56m-vwxc-3qpw

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7829.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/rMTQy4oRCGk/loS_CRS8mNEJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rMTQy4oRCGk

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7829

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7829

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160403085126/http://www.securityfocus.com/bid/71183

reference_url	http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2014/11/19/Rails-4-0-11-1-and-4-1-7-1-have-been-released/

reference_url	http://www.securityfocus.com/bid/71183
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/71183

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1164659
reference_id	1164659
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1164659

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id	770934
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

142

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

143

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*

144

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

145

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

146

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

147

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

148

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::

149

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

150

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:::::::*

151

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:::::::*

152

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*

153

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:::::::*

154

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

155

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

fixed_packages

url	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-7829, GHSA-h56m-vwxc-3qpw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-333w-aacz-mfcr

url VCID-3hur-esmy-x3hr

vulnerability_id VCID-3hur-esmy-x3hr

summary

Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888.

Impact
------

Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47888

reference_id

reference_type

scores

value	0.00517
scoring_system	epss
scoring_elements	0.66721
published_at	2026-04-16T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.66687
published_at	2026-04-13T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.66717
published_at	2026-04-12T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.6673
published_at	2026-04-11T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.6671
published_at	2026-04-09T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.66695
published_at	2026-04-08T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.66646
published_at	2026-04-07T12:55:00Z

value	0.00517
scoring_system	epss
scoring_elements	0.66672
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47888

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2319035
reference_id	2319035
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2319035

reference_url

https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468

reference_id

4f4312b21a6448336de7c7ab0c4d94b378def468

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468

reference_url

https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822

reference_id

727b0946c3cab04b825c039435eac963d4e91822

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822

reference_url

https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e

reference_id

ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-47888
reference_id	CVE-2024-47888
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-47888

reference_url

https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5

reference_id

de0df7caebd9cb238a6f10dca462dc5f8d5e98b5

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/

url

https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5

reference_url

https://github.com/advisories/GHSA-wwhv-wxv9-rpgw

reference_id

GHSA-wwhv-wxv9-rpgw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wwhv-wxv9-rpgw

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-47888, GHSA-wwhv-wxv9-rpgw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hur-esmy-x3hr

url VCID-3m2y-wy1w-n7h1

vulnerability_id VCID-3m2y-wy1w-n7h1

summary

SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_id

reference_type

scores

value	0.0125
scoring_system	epss
scoring_elements	0.79355
published_at	2026-04-16T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79309
published_at	2026-04-04T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79295
published_at	2026-04-07T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79321
published_at	2026-04-08T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.7933
published_at	2026-04-09T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79354
published_at	2026-04-11T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79339
published_at	2026-04-12T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79328
published_at	2026-04-13T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79279
published_at	2026-04-01T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79286
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url	http://secunia.com/advisories/59971
reference_id
reference_type
scores
url	http://secunia.com/advisories/59971

reference_url	http://secunia.com/advisories/60214
reference_id
reference_type
scores
url	http://secunia.com/advisories/60214

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_url	http://www.securityfocus.com/bid/68341
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/68341

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1114427
reference_id	1114427
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1114427

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url

reference_id

GHSA-r8fh-hq2p-7qhq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_url	https://access.redhat.com/errata/RHSA-2014:0877
reference_id	RHSA-2014:0877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0877

fixed_packages

url	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3m2y-wy1w-n7h1

url VCID-3wtf-uu89-2qe5

vulnerability_id VCID-3wtf-uu89-2qe5

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_url

http://openwall.com/lists/oss-security/2014/02/18/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/8

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0081

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0081.json

reference_url

reference_id

reference_type

scores

value	0.00885
scoring_system	epss
scoring_elements	0.75477
published_at	2026-04-16T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75378
published_at	2026-04-01T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75382
published_at	2026-04-02T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75415
published_at	2026-04-04T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75394
published_at	2026-04-07T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75438
published_at	2026-04-08T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75447
published_at	2026-04-09T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75467
published_at	2026-04-11T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75446
published_at	2026-04-12T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75435
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/08d0a11a3f62718d601d39e617c834759cf59bbb

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0081.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2014-0081.yml

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/tfp6gZCtzr4

reference_url

https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140911141416/http://www.securitytracker.com/id/1029782

reference_url

https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170307202606/http://www.securityfocus.com/bid/65647

reference_url

https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207045136/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065520
reference_id	1065520
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0081

reference_id

CVE-2014-0081

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0081

reference_url

https://github.com/advisories/GHSA-m46p-ggm5-5j83

reference_id

GHSA-m46p-ggm5-5j83

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m46p-ggm5-5j83

reference_url	https://access.redhat.com/errata/RHSA-2014:0215
reference_id	RHSA-2014:0215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0215

reference_url	https://access.redhat.com/errata/RHSA-2014:0306
reference_id	RHSA-2014:0306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0306

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3wtf-uu89-2qe5

url VCID-3zdr-vasc-a7cn

vulnerability_id VCID-3zdr-vasc-a7cn

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

references

reference_url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_url

http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3009.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-3009

reference_id

reference_type

scores

value	0.01632
scoring_system	epss
scoring_elements	0.81937
published_at	2026-04-16T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81837
published_at	2026-04-01T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81848
published_at	2026-04-02T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.8187
published_at	2026-04-04T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81866
published_at	2026-04-07T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81893
published_at	2026-04-08T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81899
published_at	2026-04-09T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81919
published_at	2026-04-11T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81907
published_at	2026-04-12T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81902
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-3009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3009

reference_url

http://secunia.com/advisories/36600

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/36600

reference_url

http://secunia.com/advisories/36717

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/36717

reference_url

http://securitytracker.com/id?1022824

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://securitytracker.com/id?1022824

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53036

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/53036

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails

reference_url

http://www.debian.org/security/2009/dsa-1887

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2009/dsa-1887

reference_url

http://www.osvdb.org/57666

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.osvdb.org/57666

reference_url

http://www.securityfocus.com/bid/36278

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/36278

reference_url

http://www.vupen.com/english/advisories/2009/2544

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2009/2544

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=520843
reference_id	520843
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=520843

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id	545063
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-3009

reference_id

CVE-2009-3009

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3009

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml

reference_id

CVE-2009-3009.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml

reference_url

https://github.com/advisories/GHSA-8qrh-h9m2-5fvf

reference_id

GHSA-8qrh-h9m2-5fvf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8qrh-h9m2-5fvf

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-1?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-3009, GHSA-8qrh-h9m2-5fvf, OSV-57666

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3zdr-vasc-a7cn

url VCID-43f3-rxwm-fkgv

vulnerability_id VCID-43f3-rxwm-fkgv

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74208
published_at	2026-04-01T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74293
published_at	2026-04-16T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74256
published_at	2026-04-13T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74263
published_at	2026-04-12T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7424
published_at	2026-04-04T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74214
published_at	2026-04-02T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-11T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7426
published_at	2026-04-09T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74246
published_at	2026-04-08T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74213
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932

reference_url	http://secunia.com/advisories/45917
reference_id
reference_type
scores
url	http://secunia.com/advisories/45917

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_id

CVE-2011-2932

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_id

GHSA-9fh3-vh3h-q4g3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43f3-rxwm-fkgv

url VCID-49pq-vg95-jkh2

vulnerability_id VCID-49pq-vg95-jkh2

summary

Cross-Site Request Forgery (CSRF)
Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0447

reference_id

reference_type

scores

value	0.00991
scoring_system	epss
scoring_elements	0.76907
published_at	2026-04-11T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76879
published_at	2026-04-09T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76868
published_at	2026-04-08T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76837
published_at	2026-04-07T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76857
published_at	2026-04-04T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76822
published_at	2026-04-01T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76922
published_at	2026-04-16T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.7688
published_at	2026-04-13T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76886
published_at	2026-04-12T12:55:00Z

value	0.00991
scoring_system	epss
scoring_elements	0.76828
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0447

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447

reference_url	http://secunia.com/advisories/43274
reference_id
reference_type
scores
url	http://secunia.com/advisories/43274

reference_url	http://secunia.com/advisories/43666
reference_id
reference_type
scores
url	http://secunia.com/advisories/43666

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034

reference_url

https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06

reference_url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_url

https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060

reference_url

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0447

reference_url	http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/46291

reference_url	http://www.securitytracker.com/id?1025060
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1025060

reference_url	http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0587

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id	614864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url

reference_id

CVE-2011-0447

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0447

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml

reference_id

CVE-2011-0447.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml

reference_url

https://github.com/advisories/GHSA-24fg-p96v-hxh8

reference_id

GHSA-24fg-p96v-hxh8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-24fg-p96v-hxh8

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.11-0.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0447, GHSA-24fg-p96v-hxh8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-49pq-vg95-jkh2

url VCID-4cky-r218-dkbb

vulnerability_id VCID-4cky-r218-dkbb

summary

activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_id

reference_type

scores

value	0.00955
scoring_system	epss
scoring_elements	0.76425
published_at	2026-04-13T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76431
published_at	2026-04-12T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76366
published_at	2026-04-01T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76467
published_at	2026-04-16T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76399
published_at	2026-04-04T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76369
published_at	2026-04-02T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76453
published_at	2026-04-11T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76427
published_at	2026-04-09T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76414
published_at	2026-04-08T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76381
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_id

CVE-2011-2930

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_id

CVE-2011-2930.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_id

GHSA-h6w6-xmqv-7q78

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cky-r218-dkbb

url VCID-4epw-vk25-mfdw

vulnerability_id VCID-4epw-vk25-mfdw

summary

XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the `sanitize_css` method in Action Pack.

references

reference_url	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0698

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0698

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1855

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1855.json

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1855

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1855

reference_id

reference_type

scores

value	0.00536
scoring_system	epss
scoring_elements	0.67499
published_at	2026-04-16T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67385
published_at	2026-04-01T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67421
published_at	2026-04-07T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67443
published_at	2026-04-04T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67473
published_at	2026-04-08T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67487
published_at	2026-04-09T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.6751
published_at	2026-04-11T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67497
published_at	2026-04-12T12:55:00Z

value	0.00536
scoring_system	epss
scoring_elements	0.67463
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1855

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=921331

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=921331

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-1855.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8

reference_url

https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/8ed835a97cdd1afd?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1855

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1855

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

142

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

143

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

144

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

145

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

146

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

147

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

148

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

149

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

150

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

151

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

152

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

153

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

154

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

155

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

156

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

159

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

160

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

161

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

162

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

163

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

164

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

165

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

166

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

167

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

168

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

169

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

170

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

171

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

172

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

173

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*

174

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*

175

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*

176

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*

177

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*

178

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*

179

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*

180

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*

181

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*

182

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*

183

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

184

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*

185

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

186

reference_url

https://github.com/advisories/GHSA-q759-hwvc-m3jg

reference_id

GHSA-q759-hwvc-m3jg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q759-hwvc-m3jg

187

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1855, GHSA-q759-hwvc-m3jg, OSV-91452

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4epw-vk25-mfdw

url VCID-4he5-y1u4-gkd2

vulnerability_id VCID-4he5-y1u4-gkd2

summary

XSS Vulnerability in the `sanitize` helper
The `sanitize` helper in Ruby on Rails is designed to filter HTML and remove all tags and attributes which could be malicious.

references

reference_url	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00072.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00073.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1857

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1857.json

reference_url

reference_id

reference_type

scores

value	0.00625
scoring_system	epss
scoring_elements	0.70179
published_at	2026-04-09T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70163
published_at	2026-04-08T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70116
published_at	2026-04-07T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70111
published_at	2026-04-01T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70123
published_at	2026-04-02T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70138
published_at	2026-04-04T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70217
published_at	2026-04-16T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70175
published_at	2026-04-13T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70187
published_at	2026-04-12T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70202
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1857

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/78b9817a5943f6d6?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1857

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1857

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=921335
reference_id	921335
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=921335

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

142

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

143

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

144

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

145

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

146

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

147

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

148

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

149

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

150

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

151

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

152

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

153

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

154

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

155

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

156

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

157

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

158

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

159

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

160

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

161

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

162

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

163

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

164

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

165

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

166

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

167

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

168

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

169

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

170

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*

171

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*

172

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*

173

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*

174

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*

175

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*

176

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*

177

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*

178

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*

179

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*

180

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

181

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*

182

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

183

reference_url

https://github.com/advisories/GHSA-j838-vfpq-fmf2

reference_id

GHSA-j838-vfpq-fmf2

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j838-vfpq-fmf2

184

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1857, GHSA-j838-vfpq-fmf2, OSV-91454

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4he5-y1u4-gkd2

url VCID-4zhj-en7h-3yaz

vulnerability_id VCID-4zhj-en7h-3yaz

summary

Improper Authentication
The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.

references

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2422.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-2422

reference_id

reference_type

scores

value	0.00403
scoring_system	epss
scoring_elements	0.60931
published_at	2026-04-11T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60909
published_at	2026-04-09T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60779
published_at	2026-04-01T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.6094
published_at	2026-04-16T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60898
published_at	2026-04-13T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60917
published_at	2026-04-12T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60893
published_at	2026-04-08T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60844
published_at	2026-04-07T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.6088
published_at	2026-04-04T12:55:00Z

value	0.00403
scoring_system	epss
scoring_elements	0.60852
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-2422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2422

reference_url	http://secunia.com/advisories/35702
reference_id
reference_type
scores
url	http://secunia.com/advisories/35702

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/51528

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/51528

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-2422.yml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090711160153/http://secunia.com/advisories/35702

reference_url

https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229192617/http://www.securityfocus.com/bid/35579

reference_url

http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest

reference_url	http://www.securityfocus.com/bid/35579
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/35579

reference_url	http://www.vupen.com/english/advisories/2009/1802
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/1802

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=509564
reference_id	509564
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=509564

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896
reference_id	535896
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535896

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-2422

reference_id

CVE-2009-2422

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-2422

reference_url

https://github.com/advisories/GHSA-rxq3-gm4p-5fj4

reference_id

GHSA-rxq3-gm4p-5fj4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rxq3-gm4p-5fj4

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.3.5-1?distro=trixie
purl	pkg:deb/debian/rails@2.3.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-2422, GHSA-rxq3-gm4p-5fj4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zhj-en7h-3yaz

url VCID-5bh7-drnb-7ygg

vulnerability_id VCID-5bh7-drnb-7ygg

summary

Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.

Versions Affected:  >= 7.0.0.
Not affected:       < 7.0.0
Fixed Versions:     7.1.3.1, 7.0.8.1

Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.

For example, impacted code will look something like this:

```ruby
class ArticlesController < ApplicationController
  def show  
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```

To reiterate the pre-conditions, applications must:

* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
  a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
  `render` call)

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

*  7-0-translate-xss.patch - Patch for 7.0 series
*  7-1-translate-xss.patch - Patch for 7.1 series

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json

reference_id

reference_type

scores

value	4.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26143

reference_id

reference_type

scores

value	0.02067
scoring_system	epss
scoring_elements	0.83957
published_at	2026-04-16T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83933
published_at	2026-04-13T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83937
published_at	2026-04-12T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83944
published_at	2026-04-11T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83927
published_at	2026-04-09T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83921
published_at	2026-04-08T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83898
published_at	2026-04-07T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.83896
published_at	2026-04-04T12:55:00Z

value	0.02067
scoring_system	epss
scoring_elements	0.8388
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26143

reference_url

https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc

reference_url

https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e

reference_url

https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26143

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26143

reference_url

https://security.netapp.com/advisory/ntap-20240510-0004

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240510-0004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2266388
reference_id	2266388
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2266388

reference_url

https://github.com/advisories/GHSA-9822-6m93-xqf4

reference_id

GHSA-9822-6m93-xqf4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9822-6m93-xqf4

reference_url

https://security.netapp.com/advisory/ntap-20240510-0004/

reference_id

ntap-20240510-0004

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/

url

https://security.netapp.com/advisory/ntap-20240510-0004/

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-26143, GHSA-9822-6m93-xqf4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bh7-drnb-7ygg

url VCID-5hqj-fxmk-cbcy

vulnerability_id VCID-5hqj-fxmk-cbcy

summary

XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6415

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json

reference_url

reference_id

reference_type

scores

value	0.01506
scoring_system	epss
scoring_elements	0.81208
published_at	2026-04-16T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81107
published_at	2026-04-01T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81116
published_at	2026-04-02T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81139
published_at	2026-04-04T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81138
published_at	2026-04-07T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81165
published_at	2026-04-08T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81172
published_at	2026-04-09T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81191
published_at	2026-04-11T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81177
published_at	2026-04-12T12:55:00Z

value	0.01506
scoring_system	epss
scoring_elements	0.81171
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/402
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/402

reference_url

https://github.com/advisories/GHSA-6h5q-96hp-9jgm

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6h5q-96hp-9jgm

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6415

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6415

reference_url

https://puppet.com/security/cve/cve-2013-6415

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-6415

reference_url

https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1036910
reference_id	1036910
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1036910

reference_url	https://access.redhat.com/errata/RHSA-2013:1794
reference_id	RHSA-2013:1794
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1794

reference_url	https://access.redhat.com/errata/RHSA-2014:0008
reference_id	RHSA-2014:0008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0008

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hqj-fxmk-cbcy

url VCID-5qu2-b8gt-7qe3

vulnerability_id VCID-5qu2-b8gt-7qe3

summary

Active Record subject to Regular Expression Denial-of-Service (ReDoS)
The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22880.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22880

reference_id

reference_type

scores

value	0.02459
scoring_system	epss
scoring_elements	0.85168
published_at	2026-04-01T12:55:00Z

value	0.02459
scoring_system	epss
scoring_elements	0.85229
published_at	2026-04-09T12:55:00Z

value	0.02459
scoring_system	epss
scoring_elements	0.85221
published_at	2026-04-08T12:55:00Z

value	0.02459
scoring_system	epss
scoring_elements	0.85199
published_at	2026-04-07T12:55:00Z

value	0.02459
scoring_system	epss
scoring_elements	0.85197
published_at	2026-04-04T12:55:00Z

value	0.02459
scoring_system	epss
scoring_elements	0.85179
published_at	2026-04-02T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.85631
published_at	2026-04-16T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.85616
published_at	2026-04-11T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.85612
published_at	2026-04-12T12:55:00Z

value	0.02599
scoring_system	epss
scoring_elements	0.85608
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22880

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22880-possible-dos-vulnerability-in-active-record-postgresql-adapter/77129

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2021-22880.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/ZzUqCh9vyhI

reference_url

https://hackerone.com/reports/1023899

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1023899

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MO5OJ3F4ZL3UXVLJO6ECANRVZBNRS2IH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQ3NS4IBYE2I3MVMGAHFZBZBIZGHXHT3/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22880

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22880

reference_url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_url	https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0009/

reference_url

https://www.debian.org/security/2021/dsa-4929

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2021/dsa-4929

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1930102
reference_id	1930102
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1930102

reference_url

https://github.com/advisories/GHSA-8hc4-xxm3-5ppp

reference_id

GHSA-8hc4-xxm3-5ppp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8hc4-xxm3-5ppp

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.5%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.5%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22880, GHSA-8hc4-xxm3-5ppp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qu2-b8gt-7qe3

url VCID-5x54-hckg-x7b8

vulnerability_id VCID-5x54-hckg-x7b8

summary

Exposure of Sensitive Information to an Unauthorized Actor
A bypass vulnerability in Active Storage for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16477

reference_id

reference_type

scores

value	0.0026
scoring_system	epss
scoring_elements	0.49443
published_at	2026-04-16T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49345
published_at	2026-04-01T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49372
published_at	2026-04-02T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.494
published_at	2026-04-04T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49354
published_at	2026-04-07T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49408
published_at	2026-04-08T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49404
published_at	2026-04-09T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49422
published_at	2026-04-11T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49394
published_at	2026-04-12T12:55:00Z

value	0.0026
scoring_system	epss
scoring_elements	0.49397
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16477

reference_url

https://github.com/advisories/GHSA-7rr7-rcjw-56vj

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-7rr7-rcjw-56vj

reference_url

https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rubyonrails-security/3KQRnXDIuLg/mByx5KkqBAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg

reference_url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848
reference_id	914848
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914848

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16477

reference_id

CVE-2018-16477

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16477

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2018-16477, GHSA-7rr7-rcjw-56vj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5x54-hckg-x7b8

url VCID-63gy-6njy-kbd8

vulnerability_id VCID-63gy-6njy-kbd8

summary

ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22792

reference_id

reference_type

scores

value	0.02639
scoring_system	epss
scoring_elements	0.85729
published_at	2026-04-16T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85707
published_at	2026-04-13T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85711
published_at	2026-04-12T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85715
published_at	2026-04-11T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85701
published_at	2026-04-09T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85689
published_at	2026-04-08T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85646
published_at	2026-04-02T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.8567
published_at	2026-04-07T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85663
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20240202-0007

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0007

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22792

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id	2164800
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164800

reference_url

reference_id

CVE-2023-22792

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22792

reference_url

https://github.com/advisories/GHSA-p84v-45xj-wwqj

reference_id

GHSA-p84v-45xj-wwqj

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p84v-45xj-wwqj

reference_url

https://security.netapp.com/advisory/ntap-20240202-0007/

reference_id

ntap-20240202-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://security.netapp.com/advisory/ntap-20240202-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63gy-6njy-kbd8

url VCID-65tq-e5eb-eucj

vulnerability_id VCID-65tq-e5eb-eucj

summary

Rails has possible Sensitive Session Information Leak in Active Storage
# Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage.  By
default, Active Storage sends a `Set-Cookie` header along with the user's
session cookie when serving blobs.  It also sets `Cache-Control` to public.
Certain proxies may cache the Set-Cookie, leading to an information leak.

This vulnerability has been assigned the CVE identifier CVE-2024-26144.

Versions Affected:  >= 5.2.0, < 7.1.0
Not affected:       < 5.2.0, > 7.1.0
Fixed Versions:     7.0.8.1, 6.1.7.7

Impact
------
A proxy which chooses to caches this request can cause users to share
sessions. This may include a user receiving an attacker's session or vice
versa.

This was patched in 7.1.0 but not previously identified as a security
vulnerability.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Upgrade to Rails 7.1.X, or configure caching proxies not to cache the
Set-Cookie headers.

Credits
-------

Thanks to [tyage](https://hackerone.com/tyage) for reporting this!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26144

reference_id

reference_type

scores

value	0.03103
scoring_system	epss
scoring_elements	0.86825
published_at	2026-04-16T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86809
published_at	2026-04-13T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86814
published_at	2026-04-12T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86818
published_at	2026-04-11T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86804
published_at	2026-04-09T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86796
published_at	2026-04-08T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86776
published_at	2026-04-07T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86778
published_at	2026-04-04T12:55:00Z

value	0.03103
scoring_system	epss
scoring_elements	0.86759
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26144

reference_url

https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433

reference_url

https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3

reference_url

https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26144

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26144

reference_url

https://security.netapp.com/advisory/ntap-20240510-0013

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240510-0013

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
reference_id	1065119
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2266063
reference_id	2266063
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2266063

reference_url

https://github.com/advisories/GHSA-8h22-8cf7-hq6g

reference_id

GHSA-8h22-8cf7-hq6g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8h22-8cf7-hq6g

reference_url

https://security.netapp.com/advisory/ntap-20240510-0013/

reference_id

ntap-20240510-0013

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/

url

https://security.netapp.com/advisory/ntap-20240510-0013/

reference_url	https://access.redhat.com/errata/RHSA-2024:10806
reference_id	RHSA-2024:10806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10806

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-26144, GHSA-8h22-8cf7-hq6g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65tq-e5eb-eucj

url VCID-6j55-bstz-yybj

vulnerability_id VCID-6j55-bstz-yybj

summary

High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0449

reference_id

reference_type

scores

value	0.00555
scoring_system	epss
scoring_elements	0.68141
published_at	2026-04-16T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68064
published_at	2026-04-02T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68083
published_at	2026-04-04T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68062
published_at	2026-04-07T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68113
published_at	2026-04-08T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68128
published_at	2026-04-09T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68152
published_at	2026-04-11T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68138
published_at	2026-04-12T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68105
published_at	2026-04-13T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68042
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0449

reference_url	http://secunia.com/advisories/43278
reference_id
reference_type
scores
url	http://secunia.com/advisories/43278

reference_url	http://securitytracker.com/id?1025061
reference_id
reference_type
scores
url	http://securitytracker.com/id?1025061

reference_url

https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b

reference_url

https://github.com/rails/rails/tree/main/actionpack

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/actionpack

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml

reference_url

https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061

reference_url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0449

reference_id

CVE-2011-0449

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0449

reference_url

https://github.com/advisories/GHSA-4ww3-3rxj-8v6q

reference_id

GHSA-4ww3-3rxj-8v6q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4ww3-3rxj-8v6q

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0449, GHSA-4ww3-3rxj-8v6q

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6j55-bstz-yybj

url VCID-6ku5-mtgz-zygw

vulnerability_id VCID-6ku5-mtgz-zygw

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22796

reference_id

reference_type

scores

value	0.01733
scoring_system	epss
scoring_elements	0.825
published_at	2026-04-16T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82406
published_at	2026-04-02T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82424
published_at	2026-04-04T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.8242
published_at	2026-04-07T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82448
published_at	2026-04-08T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82454
published_at	2026-04-09T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82473
published_at	2026-04-11T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82468
published_at	2026-04-12T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82463
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8

reference_url

https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164736
reference_id	2164736
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164736

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22796

reference_id

CVE-2023-22796

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22796

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml

reference_id

CVE-2023-22796.YML

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml

reference_url

https://github.com/advisories/GHSA-j6gc-792m-qgm2

reference_id

GHSA-j6gc-792m-qgm2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j6gc-792m-qgm2

reference_url

https://security.netapp.com/advisory/ntap-20240202-0009/

reference_id

ntap-20240202-0009

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/

url

https://security.netapp.com/advisory/ntap-20240202-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4341
reference_id	RHSA-2023:4341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4341

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku5-mtgz-zygw

url VCID-6pxd-xsaw-tuer

vulnerability_id VCID-6pxd-xsaw-tuer

summary

Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.

Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38037

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.22816
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22911
published_at	2026-04-02T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22954
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22747
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22823
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22876
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22896
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22859
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22803
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38037

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037

reference_url

https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/

url

https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731

reference_url

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731

reference_url

https://github.com/rails/rails/releases/tag/v7.0.7.1

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.7.1

reference_url

https://security.netapp.com/advisory/ntap-20250214-0010

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250214-0010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057
reference_id	1051057
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2236261
reference_id	2236261
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2236261

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-38037

reference_id

CVE-2023-38037

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-38037

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml

reference_id

CVE-2023-38037.YML

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml

reference_url

https://github.com/advisories/GHSA-cr5q-6q9f-rq6q

reference_id

GHSA-cr5q-6q9f-rq6q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr5q-6q9f-rq6q

reference_url	https://access.redhat.com/errata/RHSA-2023:7720
reference_id	RHSA-2023:7720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7720

reference_url	https://access.redhat.com/errata/RHSA-2024:0268
reference_id	RHSA-2024:0268
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0268

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-38037, GHSA-cr5q-6q9f-rq6q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pxd-xsaw-tuer

url VCID-6tty-dbwx-rbgx

vulnerability_id VCID-6tty-dbwx-rbgx

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22797

reference_id

reference_type

scores

value	0.00137
scoring_system	epss
scoring_elements	0.33518
published_at	2026-04-16T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33482
published_at	2026-04-13T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33506
published_at	2026-04-12T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33605
published_at	2026-04-02T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.3352
published_at	2026-04-08T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33476
published_at	2026-04-07T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33638
published_at	2026-04-04T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33548
published_at	2026-04-11T12:55:00Z

value	0.00137
scoring_system	epss
scoring_elements	0.33554
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22797

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:07:07Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164793
reference_id	2164793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164793

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22797

reference_id

CVE-2023-22797

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22797

reference_url

https://github.com/advisories/GHSA-9445-4cr6-336r

reference_id

GHSA-9445-4cr6-336r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9445-4cr6-336r

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22797, GHSA-9445-4cr6-336r, GMS-2023-57

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tty-dbwx-rbgx

url VCID-6yr6-a21g-dyf5

vulnerability_id VCID-6yr6-a21g-dyf5

summary

Deserialization of Untrusted Data
A Broken Access Control vulnerability in Active Job

references

reference_url

https://access.redhat.com/errata/RHSA-2019:0600

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0600

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16476.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16476

reference_id

reference_type

scores

value	0.00791
scoring_system	epss
scoring_elements	0.73893
published_at	2026-04-12T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73912
published_at	2026-04-11T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.7389
published_at	2026-04-09T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73927
published_at	2026-04-16T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73885
published_at	2026-04-13T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73871
published_at	2026-04-04T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73846
published_at	2026-04-02T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73836
published_at	2026-04-01T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73877
published_at	2026-04-08T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73842
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16476

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16476

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/970b0d754be7c71a760d9b807eea32297fd838e3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activejob/CVE-2018-16476.yml

reference_url

https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/d/msg/rubyonrails-security/FL4dSdzr2zw/zjKVhF4qBAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/FL4dSdzr2zw

reference_url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2018/11/27/Rails-4-2-5-0-5-1-5-2-have-been-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1659223
reference_id	1659223
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1659223

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847
reference_id	914847
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914847

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16476

reference_id

CVE-2018-16476

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16476

reference_url

https://github.com/advisories/GHSA-q2qw-rmrh-vv42

reference_id

GHSA-q2qw-rmrh-vv42

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q2qw-rmrh-vv42

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2018-16476, GHSA-q2qw-rmrh-vv42

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yr6-a21g-dyf5

url VCID-7f5r-9h1g-nuch

vulnerability_id VCID-7f5r-9h1g-nuch

summary

Exposure of Sensitive Information to an Unauthorized Actor
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-3086

reference_id

reference_type

scores

value	0.00556
scoring_system	epss
scoring_elements	0.68185
published_at	2026-04-16T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68147
published_at	2026-04-13T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.6818
published_at	2026-04-12T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68194
published_at	2026-04-11T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68169
published_at	2026-04-09T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68154
published_at	2026-04-08T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68102
published_at	2026-04-07T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68125
published_at	2026-04-04T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68107
published_at	2026-04-02T12:55:00Z

value	0.00556
scoring_system	epss
scoring_elements	0.68084
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-3086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3086

reference_url	http://secunia.com/advisories/36600
reference_id
reference_type
scores
url	http://secunia.com/advisories/36600

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f07a89c5946910fc28ea5ccd1da6af8a0f972a0

reference_url

https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/674f780d59a5a7ec0301755d43a7b277a3ad2978

reference_url

https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d460c9a25560f43e7c3789abadf7b455053eb686

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3086.yml

reference_url

https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090906010200/http://www.vupen.com/english/advisories/2009/2544

reference_url

https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090907001716/http://secunia.com/advisories/36600

reference_url

https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229150042/http://www.securityfocus.com/bid/37427

reference_url

http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/9/4/timing-weakness-in-ruby-on-rails

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3086

reference_url	http://www.securityfocus.com/bid/37427
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/37427

reference_url	http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063
reference_id	545063
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063

reference_url

reference_id

CVE-2009-3086

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-3086

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml

reference_id

CVE-2009-3086.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2009-3086.yml

reference_url

https://github.com/advisories/GHSA-fg9w-g6m4-557j

reference_id

GHSA-fg9w-g6m4-557j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fg9w-g6m4-557j

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-1?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-3086, GHSA-fg9w-g6m4-557j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7f5r-9h1g-nuch

url VCID-86jq-2md2-d7ah

vulnerability_id VCID-86jq-2md2-d7ah

summary

Possible XSS Vulnerability in ActionView
There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers.

references

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1856.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1857.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-1858.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6316.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_id

reference_type

scores

value	0.01626
scoring_system	epss
scoring_elements	0.81859
published_at	2026-04-09T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81878
published_at	2026-04-11T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81897
published_at	2026-04-16T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81795
published_at	2026-04-01T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81806
published_at	2026-04-02T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81829
published_at	2026-04-04T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81826
published_at	2026-04-07T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.8186
published_at	2026-04-13T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81866
published_at	2026-04-12T12:55:00Z

value	0.01626
scoring_system	epss
scoring_elements	0.81852
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6316

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6316

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6316

reference_url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430

reference_url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.debian.org/security/2016/dsa-3651

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2016/dsa-3651

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365008
reference_id	1365008
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
reference_id	834155
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155

reference_url

https://github.com/advisories/GHSA-pc3m-v286-2jwj

reference_id

GHSA-pc3m-v286-2jwj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pc3m-v286-2jwj

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

reference_url	https://access.redhat.com/errata/RHSA-2016:1856
reference_id	RHSA-2016:1856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1856

reference_url	https://access.redhat.com/errata/RHSA-2016:1857
reference_id	RHSA-2016:1857
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1857

reference_url	https://access.redhat.com/errata/RHSA-2016:1858
reference_id	RHSA-2016:1858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1858

fixed_packages

url	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-6316, GHSA-pc3m-v286-2jwj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86jq-2md2-d7ah

url VCID-877d-u9ag-qqdr

vulnerability_id VCID-877d-u9ag-qqdr

summary

Rails Denial of Service vulnerability
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4112

reference_id

reference_type

scores

value	0.07371
scoring_system	epss
scoring_elements	0.9169
published_at	2026-04-02T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91744
published_at	2026-04-16T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91724
published_at	2026-04-13T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91728
published_at	2026-04-12T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91726
published_at	2026-04-11T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91723
published_at	2026-04-09T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91681
published_at	2026-04-01T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91716
published_at	2026-04-08T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91703
published_at	2026-04-07T12:55:00Z

value	0.07371
scoring_system	epss
scoring_elements	0.91695
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4112

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/28364

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/28364

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200301174340/http://www.securityfocus.com/bid/19454

reference_url

https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200804225700/http://www.securityfocus.com/archive/1/442934/100/0/threaded

reference_url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200808083046/http://securitytracker.com/id?1016673

reference_url

http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure

reference_url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.gentoo.org/security/en/glsa/glsa-200608-20.xml

reference_url

http://www.kb.cert.org/vuls/id/699540

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/699540

reference_url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2006_21_sr.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255
reference_id	382255
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382255

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2006-4112

reference_id

CVE-2006-4112

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2006-4112

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml

reference_id

CVE-2006-4112.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2006-4112.yml

reference_url

https://github.com/advisories/GHSA-9wrq-xvmp-xjc8

reference_id

GHSA-9wrq-xvmp-xjc8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9wrq-xvmp-xjc8

reference_url	https://security.gentoo.org/glsa/200608-20
reference_id	GLSA-200608-20
reference_type
scores
url	https://security.gentoo.org/glsa/200608-20

fixed_packages

url	pkg:deb/debian/rails@1.1.6-1?distro=trixie
purl	pkg:deb/debian/rails@1.1.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.6-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2006-4112, GHSA-9wrq-xvmp-xjc8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-877d-u9ag-qqdr

url VCID-895a-ydc5-zfg6

vulnerability_id VCID-895a-ydc5-zfg6

summary

Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected:  rails < 5.2.4.2, rails < 6.0.3.1
Not affected:       Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds
-----------

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8162.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8162

reference_id

reference_type

scores

value	0.01549
scoring_system	epss
scoring_elements	0.81448
published_at	2026-04-16T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81411
published_at	2026-04-13T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81376
published_at	2026-04-07T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81418
published_at	2026-04-12T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81431
published_at	2026-04-11T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81409
published_at	2026-04-09T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81405
published_at	2026-04-08T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81347
published_at	2026-04-01T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81356
published_at	2026-04-02T12:55:00Z

value	0.01549
scoring_system	epss
scoring_elements	0.81378
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167

reference_url

https://github.com/aws/aws-sdk-ruby

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-ruby

reference_url

https://github.com/aws/aws-sdk-ruby/issues/2098

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/aws/aws-sdk-ruby/issues/2098

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2020-8162.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ

reference_url

https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/PjU3946mreQ

reference_url

https://hackerone.com/reports/789579

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/789579

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8162

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8162

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-m42x-37p3-fv5w

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1843005
reference_id	1843005
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1843005

reference_url

reference_id

GHSA-m42x-37p3-fv5w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m42x-37p3-fv5w

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8162, GHSA-m42x-37p3-fv5w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-895a-ydc5-zfg6

url VCID-8dad-dvat-1fg4

vulnerability_id VCID-8dad-dvat-1fg4

summary

Path Traversal in Action View
# File Content Disclosure in Action View

Impact 
------ 
There is a possible file content disclosure vulnerability in Action View.  Specially crafted accept headers in combination with calls to `render file:`  can cause arbitrary files on the target server to be rendered, disclosing the  file contents. 

The impact is limited to calls to `render` which render file contents without  a specified accept format.  Impacted code in a controller looks something like this: 

``` ruby
class UserController < ApplicationController 
  def index 
    render file: "#{Rails.root}/some/file" 
  end 
end 
``` 

Rendering templates as opposed to files is not impacted by this vulnerability. 

All users running an affected release should either upgrade or use one of the workarounds immediately. 

Releases 
-------- 
The 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, and 4.2.11.1 releases are available at the normal locations. 

Workarounds 
----------- 
This vulnerability can be mitigated by specifying a format for file rendering, like this: 

``` ruby
class UserController < ApplicationController 
  def index 
    render file: "#{Rails.root}/some/file", formats: [:html] 
  end 
end 
``` 

In summary, impacted calls to `render` look like this: 

``` 
render file: "#{Rails.root}/some/file" 
``` 

The vulnerability can be mitigated by changing to this: 

``` 
render file: "#{Rails.root}/some/file", formats: [:html] 
``` 

Other calls to `render` are not impacted. 

Alternatively, the following monkey patch can be applied in an initializer: 

``` ruby
$ cat config/initializers/formats_filter.rb 
# frozen_string_literal: true 

ActionDispatch::Request.prepend(Module.new do 
  def formats 
    super().select do |format| 
      format.symbol || format.ref == "*/*" 
    end 
  end 
end) 
``` 

Credits 
------- 
Thanks to John Hawthorn <john@hawthorn.email> of GitHub

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_url

http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5418.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5418

reference_id

reference_type

scores

value	0.94318
scoring_system	epss
scoring_elements	0.9995
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5418

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5418

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/zRNVOUhKHrg

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url

https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url	https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url	https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418

reference_url

https://www.exploit-db.com/exploits/46585

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/46585

reference_url

https://www.exploit-db.com/exploits/46585/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

https://www.exploit-db.com/exploits/46585/

reference_url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-07-17T03:55:43Z/

url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1689159
reference_id	1689159
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1689159

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id	924520
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_id	cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py
reference_id	CVE-2019-5418
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/46585.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5418

reference_id

CVE-2019-5418

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5418

reference_url

https://github.com/advisories/GHSA-86g5-2wh3-gc9j

reference_id

GHSA-86g5-2wh3-gc9j

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-86g5-2wh3-gc9j

reference_url	https://usn.ubuntu.com/7646-1/
reference_id	USN-7646-1
reference_type
scores
url	https://usn.ubuntu.com/7646-1/

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-5418, GHSA-86g5-2wh3-gc9j

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8dad-dvat-1fg4

url VCID-9hq5-3usy-5fhq

vulnerability_id VCID-9hq5-3usy-5fhq

summary

Possible Object Leak and Denial of Service attack
A carefully crafted `Accept` header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0751

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0751.json

reference_url

reference_id

reference_type

scores

value	0.06145
scoring_system	epss
scoring_elements	0.9084
published_at	2026-04-16T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.9077
published_at	2026-04-01T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90776
published_at	2026-04-02T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90787
published_at	2026-04-04T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90797
published_at	2026-04-07T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90808
published_at	2026-04-08T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90814
published_at	2026-04-09T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90823
published_at	2026-04-12T12:55:00Z

value	0.06145
scoring_system	epss
scoring_elements	0.90821
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/127967b735813cd4f263df7a50426d74e7e9cc17

reference_url

https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/221937c8ba1d291430ceddebbd4bdef7d3cb47d6

reference_url

https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/37047b779a177b911c7161052cfc34a30e1db0af

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0751.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0751

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0751

reference_url

https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160128201702/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227181647/http://www.securityfocus.com/bid/81800

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/9

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/9

reference_url	http://www.securityfocus.com/bid/81800
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/81800

reference_url	http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301946
reference_id	1301946
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301946

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*

100

reference_url

https://github.com/advisories/GHSA-ffpv-c4hm-3x6v

reference_id

GHSA-ffpv-c4hm-3x6v

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ffpv-c4hm-3x6v

101

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

102

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

103

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-0751, GHSA-ffpv-c4hm-3x6v

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hq5-3usy-5fhq

url VCID-9hvm-2hnk-hyev

vulnerability_id VCID-9hvm-2hnk-hyev

summary The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.

references

reference_url

http://dev.rubyonrails.org/changeset/8177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/changeset/8177

reference_url

http://dev.rubyonrails.org/ticket/10048

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/ticket/10048

reference_url

http://docs.info.apple.com/article.html?artnum=307179

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-6077

reference_id

reference_type

scores

value	0.03262
scoring_system	epss
scoring_elements	0.87111
published_at	2026-04-07T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87159
published_at	2026-04-16T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87139
published_at	2026-04-09T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87132
published_at	2026-04-08T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.8709
published_at	2026-04-01T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87101
published_at	2026-04-02T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87118
published_at	2026-04-04T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87142
published_at	2026-04-13T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87147
published_at	2026-04-12T12:55:00Z

value	0.03262
scoring_system	epss
scoring_elements	0.87152
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-6077

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6077

reference_url

http://secunia.com/advisories/27781

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27781

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_url

http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/11/24/ruby-on-rails-1-2-6-security-and-maintenance-release

reference_url

http://www.securityfocus.com/bid/26598

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/26598

reference_url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_url

http://www.vupen.com/english/advisories/2007/4009

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2007/4009

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-6077

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748
reference_id	452748
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452748

reference_url

reference_id

CVE-2007-6077

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-6077

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml

reference_id

CVE-2007-6077.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-6077.yml

reference_url

https://github.com/advisories/GHSA-p4c6-77gc-694x

reference_id

GHSA-p4c6-77gc-694x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-p4c6-77gc-694x

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@1.2.6-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.6-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-6077, GHSA-p4c6-77gc-694x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9hvm-2hnk-hyev

url VCID-9t7a-muwx-zyee

vulnerability_id VCID-9t7a-muwx-zyee

summary

Improper Access Control
The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6317.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_id

reference_type

scores

value	0.00381
scoring_system	epss
scoring_elements	0.59551
published_at	2026-04-16T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59406
published_at	2026-04-01T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59478
published_at	2026-04-02T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59503
published_at	2026-04-04T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.5947
published_at	2026-04-07T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59521
published_at	2026-04-08T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59533
published_at	2026-04-09T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59552
published_at	2026-04-11T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59536
published_at	2026-04-12T12:55:00Z

value	0.00381
scoring_system	epss
scoring_elements	0.59517
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6317

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2016-6317.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/rgO20zYW33s

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA

reference_url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/08/11/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017
reference_id	1365017
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1365017

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154
reference_id	834154
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834154

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_id

CVE-2016-6317

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6317

reference_url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_id

GHSA-pr3r-4wrp-r2pv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pr3r-4wrp-r2pv

reference_url	https://access.redhat.com/errata/RHSA-2016:1855
reference_id	RHSA-2016:1855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:1855

fixed_packages

url	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-6317, GHSA-pr3r-4wrp-r2pv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9t7a-muwx-zyee

url VCID-a6sp-18av-wya6

vulnerability_id VCID-a6sp-18av-wya6

summary

Possible Strong Parameters Bypass in ActionPack
There is a strong parameters bypass vector in ActionPack.

Versions Affected:  rails <= 6.0.3
Not affected:       rails < 5.0.0
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------
In some cases user supplied information can be inadvertently leaked from
Strong Parameters.  Specifically the return value of `each`, or `each_value`,
or `each_pair` will return the underlying "untrusted" hash of data that was
read from the parameters.  Applications that use this return value may be
inadvertently use untrusted user input.

Impacted code will look something like this:

```
def update
  # Attacker has included the parameter: `{ is_admin: true }`
  User.update(clean_up_params)
end

def clean_up_params
   params.each { |k, v|  SomeModel.check(v) if k == :name }
end
```

Note the mistaken use of `each` in the `clean_up_params` method in the above
example.

Workarounds
-----------
Do not use the return values of `each`, `each_value`, or `each_pair` in your
application.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8164.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8164

reference_id

reference_type

scores

value	0.07389
scoring_system	epss
scoring_elements	0.91752
published_at	2026-04-16T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.9169
published_at	2026-04-01T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91698
published_at	2026-04-02T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91703
published_at	2026-04-04T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91712
published_at	2026-04-07T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91724
published_at	2026-04-08T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91731
published_at	2026-04-09T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91734
published_at	2026-04-11T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91736
published_at	2026-04-12T12:55:00Z

value	0.07389
scoring_system	epss
scoring_elements	0.91732
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8164.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY

reference_url

https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY

reference_url

https://hackerone.com/reports/292797

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/292797

reference_url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8164

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8164

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8727-m6gj-mc37

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1842634
reference_id	1842634
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1842634

reference_url

reference_id

GHSA-8727-m6gj-mc37

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8727-m6gj-mc37

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8164, GHSA-8727-m6gj-mc37

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6sp-18av-wya6

url VCID-awt1-8bxs-xffs

vulnerability_id VCID-awt1-8bxs-xffs

summary

actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json

reference_url

reference_id

reference_type

scores

value	0.00981
scoring_system	epss
scoring_elements	0.76812
published_at	2026-04-16T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76746
published_at	2026-04-04T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76729
published_at	2026-04-07T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.7676
published_at	2026-04-08T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76771
published_at	2026-04-13T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76799
published_at	2026-04-11T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76779
published_at	2026-04-12T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76714
published_at	2026-04-01T12:55:00Z

value	0.00981
scoring_system	epss
scoring_elements	0.76718
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3424

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600

reference_url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id	843711
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=843711

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_id

CVE-2012-3424

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3424

reference_url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_id

GHSA-92w9-2pqw-rhjj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-92w9-2pqw-rhjj

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs

url VCID-bjwf-uhyk-63aj

vulnerability_id VCID-bjwf-uhyk-63aj

summary

Timing attack vulnerability in basic authentication
Due to the way that Action Controller compares user names and passwords in basic authentication authorization code, it is possible for an attacker to analyze the time taken by a response and intuit the password. You can tell you application is vulnerable to this attack by looking for `http_basic_authenticate_with` method calls in your application.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178068.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7576

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7576.json

reference_url

reference_id

reference_type

scores

value	0.01574
scoring_system	epss
scoring_elements	0.81576
published_at	2026-04-16T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81474
published_at	2026-04-01T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81486
published_at	2026-04-02T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81507
published_at	2026-04-04T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81504
published_at	2026-04-07T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81533
published_at	2026-04-08T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81538
published_at	2026-04-13T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81558
published_at	2026-04-11T12:55:00Z

value	0.01574
scoring_system	epss
scoring_elements	0.81545
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/17e6f1507b7f2c2a883c180f4f9548445d6dfbd

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7576.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/ANv0HDHEC3k/T8Hgq-hYEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ANv0HDHEC3k

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7576

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7576

reference_url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81803

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/8

reference_url

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/8

reference_url	http://www.securityfocus.com/bid/81803
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/81803

reference_url	http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301933
reference_id	1301933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301933

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*

118

reference_url

https://github.com/advisories/GHSA-p692-7mm3-3fxg

reference_id

GHSA-p692-7mm3-3fxg

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p692-7mm3-3fxg

119

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

120

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

121

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-7576, GHSA-p692-7mm3-3fxg

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjwf-uhyk-63aj

url VCID-c1w4-z275-tqg7

vulnerability_id VCID-c1w4-z275-tqg7

summary

Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3463

reference_url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ

reference_url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain

reference_url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3463

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id	847196
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847196

reference_url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_id

GHSA-98mf-8f57-64qf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-98mf-8f57-64qf

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7

url VCID-c8b5-d83n-nuhw

vulnerability_id VCID-c8b5-d83n-nuhw

summary

Allocation of Resources Without Limits or Throttling
There is a possible denial of service vulnerability in Action View (Rails)  where specially crafted accept headers can cause action view to consume % cpu and make the server unresponsive.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5419.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5419

reference_id

reference_type

scores

value	0.12118
scoring_system	epss
scoring_elements	0.93825
published_at	2026-04-16T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93764
published_at	2026-04-01T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93773
published_at	2026-04-02T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93783
published_at	2026-04-04T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93787
published_at	2026-04-07T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93795
published_at	2026-04-08T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93798
published_at	2026-04-09T12:55:00Z

value	0.12118
scoring_system	epss
scoring_elements	0.93803
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5419

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5419

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f4c70c2222180b8d9d924f00af0c7fd632e26715

reference_url

https://github.com/rails/rails/pull/35708

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/pull/35708

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2019-5419.yml

reference_url	https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI
reference_id
reference_type
scores
url	https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI

reference_url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/

reference_url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released

reference_url	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/

reference_url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/03/22/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1689160
reference_id	1689160
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1689160

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520
reference_id	924520
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924520

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:::::::*
reference_id	cpe:2.3:a:redhat:cloudforms:4.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:cloudforms:4.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_id	cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-5419

reference_id

CVE-2019-5419

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-5419

reference_url

https://github.com/advisories/GHSA-m63j-wh5w-c252

reference_id

GHSA-m63j-wh5w-c252

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m63j-wh5w-c252

fixed_packages

url	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2019-5419, GHSA-m63j-wh5w-c252

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c8b5-d83n-nuhw

url VCID-ca7u-t1y4-uuc7

vulnerability_id VCID-ca7u-t1y4-uuc7

summary

Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3
There is a vulnerability in the JSON code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0201.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0201.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0202.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0202.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0203.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0203.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0201

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0201

reference_url

https://access.redhat.com/errata/RHSA-2013:0202

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0202

reference_url

https://access.redhat.com/errata/RHSA-2013:0203

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0203

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0333.json

reference_url

https://access.redhat.com/security/cve/CVE-2013-0333

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0333

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0333

reference_id

reference_type

scores

value	0.91935
scoring_system	epss
scoring_elements	0.99696
published_at	2026-04-16T12:55:00Z

value	0.91935
scoring_system	epss
scoring_elements	0.99691
published_at	2026-04-02T12:55:00Z

value	0.91935
scoring_system	epss
scoring_elements	0.99692
published_at	2026-04-04T12:55:00Z

value	0.91935
scoring_system	epss
scoring_elements	0.99693
published_at	2026-04-07T12:55:00Z

value	0.91935
scoring_system	epss
scoring_elements	0.99694
published_at	2026-04-09T12:55:00Z

value	0.91935
scoring_system	epss
scoring_elements	0.99695
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0333

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=903440

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=903440

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0333

reference_url

https://github.com/advisories/GHSA-xgr2-v94m-rc9g

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xgr2-v94m-rc9g

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-0333.yml

reference_url

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo

reference_url

https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/52179af76915e518?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0333

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0333

reference_url

https://puppet.com/security/cve/cve-2013-0333

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-0333

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/

reference_url

http://www.debian.org/security/2013/dsa-2613

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2613

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0153.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226
reference_id	699226
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb
reference_id	CVE-2013-0333;OSVDB-89594
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24434.rb

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0333, GHSA-xgr2-v94m-rc9g, OSV-89594

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ca7u-t1y4-uuc7

url VCID-carc-ntrd-ebfe

vulnerability_id VCID-carc-ntrd-ebfe

summary

Multiple vulnerabilities in parameter parsing in Action Pack
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.

references

reference_url	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
reference_id
reference_type
scores
url	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url	http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0153.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0156.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0156

reference_id

reference_type

scores

value	0.91907
scoring_system	epss
scoring_elements	0.99694
published_at	2026-04-16T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99692
published_at	2026-04-09T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99689
published_at	2026-04-02T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99693
published_at	2026-04-11T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.99691
published_at	2026-04-07T12:55:00Z

value	0.91907
scoring_system	epss
scoring_elements	0.9969
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0156

reference_url

https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0156

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain

reference_url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/2013-0156/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/c1432d0f8c70e89d?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0156

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0156

reference_url	https://puppet.com/security/cve/cve-2013-0156
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-0156

reference_url

https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140111025708/http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html

reference_url

https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160415043747/https://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156

reference_url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/

reference_url

http://www.debian.org/security/2013/dsa-2604

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2604

reference_url

http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.fujitsu.com/global/support/software/security/products-f/sw-sv-rcve-ror201301e.html

reference_url

http://www.insinuator.net/2013/01/rails-yaml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.insinuator.net/2013/01/rails-yaml

reference_url	http://www.insinuator.net/2013/01/rails-yaml/
reference_id
reference_type
scores
url	http://www.insinuator.net/2013/01/rails-yaml/

reference_url

http://www.kb.cert.org/vuls/id/380039

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/380039

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jmgw-6vjg-jjwg

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722
reference_id	697722
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697722

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=892870
reference_id	892870
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=892870

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url	https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/
reference_id	CVE-2013-0156
reference_type
scores
url	https://web.archive.org/web/20160806154149/https://puppet.com/security/cve/cve-2013-0156/

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb
reference_id	CVE-2013-0156;OSVDB-89026
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/24019.rb

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb
reference_id	CVE-2013-0156;OSVDB-89026
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/27527.rb

reference_url

reference_id

GHSA-jmgw-6vjg-jjwg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmgw-6vjg-jjwg

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0153
reference_id	RHSA-2013:0153
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0153

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0156, GHSA-jmgw-6vjg-jjwg, OSV-89026

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-carc-ntrd-ebfe

url VCID-ce39-j83r-6ug9

vulnerability_id VCID-ce39-j83r-6ug9

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22577

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52201
published_at	2026-04-16T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5216
published_at	2026-04-13T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52175
published_at	2026-04-12T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52192
published_at	2026-04-11T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52141
published_at	2026-04-09T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52145
published_at	2026-04-08T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52091
published_at	2026-04-07T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52099
published_at	2026-04-02T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52126
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec

reference_url

https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

reference_url

https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b

reference_url

https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809

reference_url

https://github.com/rails/rails/pull/44635

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/pull/44635

reference_url

https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20221118-0002

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0002

reference_url	https://security.netapp.com/advisory/ntap-20221118-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221118-0002/

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22577

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941
reference_id	1011941
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2080302
reference_id	2080302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2080302

reference_url

reference_id

CVE-2022-22577

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22577

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml

reference_id

CVE-2022-22577.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml

reference_url

https://github.com/advisories/GHSA-mm33-5vfq-3mm3

reference_id

GHSA-mm33-5vfq-3mm3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mm33-5vfq-3mm3

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-22577, GHSA-mm33-5vfq-3mm3, GMS-2022-1137

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce39-j83r-6ug9

url VCID-cnqr-6e98-5kgk

vulnerability_id VCID-cnqr-6e98-5kgk

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0446

reference_id

reference_type

scores

value	0.0067
scoring_system	epss
scoring_elements	0.71366
published_at	2026-04-16T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71274
published_at	2026-04-07T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71282
published_at	2026-04-02T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.713
published_at	2026-04-04T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71316
published_at	2026-04-08T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71329
published_at	2026-04-09T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71352
published_at	2026-04-11T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.71337
published_at	2026-04-12T12:55:00Z

value	0.0067
scoring_system	epss
scoring_elements	0.7132
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0446

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0446

reference_url	http://secunia.com/advisories/43274
reference_id
reference_type
scores
url	http://secunia.com/advisories/43274

reference_url	http://secunia.com/advisories/43666
reference_id
reference_type
scores
url	http://secunia.com/advisories/43666

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/abe97736b8316f1b714cac56c115c0779aa73217

reference_url

https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e3dd2107c57a8efaaea5d61cf8da65f7444760b2

reference_url

https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666

reference_url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291

reference_url

https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200812054342/http://www.securitytracker.com/id?1025064

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0446

reference_url	http://www.securityfocus.com/bid/46291
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/46291

reference_url	http://www.securitytracker.com/id?1025064
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1025064

reference_url	http://www.vupen.com/english/advisories/2011/0587
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0587

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
reference_id	614864
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url

reference_id

CVE-2011-0446

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0446

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml

reference_id

CVE-2011-0446.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0446.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml

reference_id

CVE-2011-0446.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml

reference_url

https://github.com/advisories/GHSA-75w6-p6mg-vh8j

reference_id

GHSA-75w6-p6mg-vh8j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-75w6-p6mg-vh8j

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.11-0.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.11-0.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0446, GHSA-75w6-p6mg-vh8j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cnqr-6e98-5kgk

url VCID-cwa7-9d2t-rfhb

vulnerability_id VCID-cwa7-9d2t-rfhb

summary

actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3465.json

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3465

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77

reference_url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a

reference_url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847200
reference_id	847200
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847200

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_id

CVE-2012-3465

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3465

reference_url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_id

GHSA-7g65-ghrg-hpf5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwa7-9d2t-rfhb

url VCID-d15q-6ukb-wfff

vulnerability_id VCID-d15q-6ukb-wfff

summary

Object leak vulnerability for wildcard controller routes
Users that have a route that contains the string `:controller` are susceptible to objects being leaked globally which can lead to unbounded memory growth. To identify if your application is vulnerable, look for routes that contain `:controller`.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178067.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7581

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7581.json

reference_url

reference_id

reference_type

scores

value	0.07108
scoring_system	epss
scoring_elements	0.91558
published_at	2026-04-16T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91492
published_at	2026-04-01T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91498
published_at	2026-04-02T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91505
published_at	2026-04-04T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91512
published_at	2026-04-07T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91525
published_at	2026-04-08T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91531
published_at	2026-04-09T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91536
published_at	2026-04-13T12:55:00Z

value	0.07108
scoring_system	epss
scoring_elements	0.91538
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2015-7581.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/dthJ5wL69JE/IdvCimtZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/dthJ5wL69JE

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7581

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7581

reference_url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228001849/http://www.securityfocus.com/bid/81677

reference_url

https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200516093752/http://www.securitytracker.com/id/1034816

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/16

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/16

reference_url	http://www.securityfocus.com/bid/81677
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/81677

reference_url	http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301981
reference_id	1301981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301981

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

reference_url

https://github.com/advisories/GHSA-9h6g-gp95-x3q5

reference_id

GHSA-9h6g-gp95-x3q5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9h6g-gp95-x3q5

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-7581, GHSA-9h6g-gp95-x3q5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d15q-6ukb-wfff

url VCID-dd9p-x7k3-37ea

vulnerability_id VCID-dd9p-x7k3-37ea

summary

Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28362

reference_id

reference_type

scores

value	0.00224
scoring_system	epss
scoring_elements	0.45215
published_at	2026-04-16T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45164
published_at	2026-04-13T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45162
published_at	2026-04-12T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45194
published_at	2026-04-11T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45174
published_at	2026-04-09T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45173
published_at	2026-04-08T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45177
published_at	2026-04-04T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.4512
published_at	2026-04-07T12:55:00Z

value	0.00224
scoring_system	epss
scoring_elements	0.45155
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362

reference_url

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

reference_url

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

reference_url

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

reference_url

https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23

reference_url

https://security.netapp.com/advisory/ntap-20250502-0009

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250502-0009

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
reference_id	1051058
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2217785
reference_id	2217785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2217785

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-28362

reference_id

CVE-2023-28362

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-28362

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

reference_id

CVE-2023-28362.YML

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml

reference_url

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

reference_id

GHSA-4g8v-vg43-wpgf

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/

url

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

reference_url	https://access.redhat.com/errata/RHSA-2023:7851
reference_id	RHSA-2023:7851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7851

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-28362, GHSA-4g8v-vg43-wpgf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9p-x7k3-37ea

url VCID-drg6-gj1f-h7ea

vulnerability_id VCID-drg6-gj1f-h7ea

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21831

reference_id

reference_type

scores

value	0.0142
scoring_system	epss
scoring_elements	0.80614
published_at	2026-04-16T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80585
published_at	2026-04-13T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80592
published_at	2026-04-12T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80606
published_at	2026-04-11T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80559
published_at	2026-04-04T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.8055
published_at	2026-04-07T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80537
published_at	2026-04-02T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80589
published_at	2026-04-09T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80579
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubysec.com/advisories/CVE-2022-21831

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://rubysec.com/advisories/CVE-2022-21831

reference_url

https://security.netapp.com/advisory/ntap-20221118-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0001

reference_url	https://security.netapp.com/advisory/ntap-20221118-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221118-0001/

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21831

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940
reference_id	1011940
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064747
reference_id	2064747
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064747

reference_url

reference_id

CVE-2022-21831

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21831

reference_url	https://rubysec.com/advisories/CVE-2022-21831/
reference_id	CVE-2022-21831
reference_type
scores
url	https://rubysec.com/advisories/CVE-2022-21831/

reference_url

https://github.com/advisories/GHSA-w749-p3v6-hccq

reference_id

GHSA-w749-p3v6-hccq

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w749-p3v6-hccq

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-21831, GHSA-w749-p3v6-hccq, GMS-2022-301

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drg6-gj1f-h7ea

url VCID-e3j5-xgbr-2qa1

vulnerability_id VCID-e3j5-xgbr-2qa1

summary

Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number`

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4389

reference_id

reference_type

scores

value	0.01333
scoring_system	epss
scoring_elements	0.79991
published_at	2026-04-16T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79921
published_at	2026-04-02T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79942
published_at	2026-04-04T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.7993
published_at	2026-04-07T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79959
published_at	2026-04-08T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79968
published_at	2026-04-09T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79988
published_at	2026-04-11T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79971
published_at	2026-04-12T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79963
published_at	2026-04-13T12:55:00Z

value	0.01333
scoring_system	epss
scoring_elements	0.79914
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/118
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/118

reference_url

https://github.com/advisories/GHSA-rg5m-3fqp-6px8

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rg5m-3fqp-6px8

reference_url

https://github.com/rails/rails/tree/main/actionmailer

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/actionmailer

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4389

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4389

reference_url

https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ

reference_url

http://www.debian.org/security/2014/dsa-2887

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2887

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1013913
reference_id	1013913
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1013913

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-4389, GHSA-rg5m-3fqp-6px8, OSV-98629

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j5-xgbr-2qa1

url VCID-eb5z-q7rj-j7hh

vulnerability_id VCID-eb5z-q7rj-j7hh

summary

Active Record component in Ruby on Rails has a data-type injection vulnerability
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.

references

reference_url

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/02/06/7

reference_url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/04/24/7

reference_url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails

reference_url	http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails/
reference_id
reference_type
scores
url	http://pl.reddit.com/r/netsec/comments/17yajp/mysql_madness_and_rails/

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3221.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_id

reference_type

scores

value	0.00483
scoring_system	epss
scoring_elements	0.65227
published_at	2026-04-16T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65111
published_at	2026-04-01T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65161
published_at	2026-04-02T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65186
published_at	2026-04-04T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65152
published_at	2026-04-07T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65202
published_at	2026-04-08T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65214
published_at	2026-04-09T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65233
published_at	2026-04-11T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.6522
published_at	2026-04-12T12:55:00Z

value	0.00483
scoring_system	epss
scoring_elements	0.65192
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-3221

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3221

reference_url	https://gist.github.com/dakull/5442275
reference_id
reference_type
scores
url	https://gist.github.com/dakull/5442275

reference_url

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_url

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/1f3bc0b88a60c1ce?dmode=source&output=gplain

reference_url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130825191249/http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_url	http://www.phenoelit.org/blog/archives/2013/02/index.html
reference_id
reference_type
scores
url	http://www.phenoelit.org/blog/archives/2013/02/index.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=954365
reference_id	954365
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=954365

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

117

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

reference_id

CVE-2013-3221

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-3221

118

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

reference_id

CVE-2013-3221.YML

reference_type

scores

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-3221.yml

119

reference_url

https://github.com/advisories/GHSA-f57c-hx33-hvh8

reference_id

GHSA-f57c-hx33-hvh8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f57c-hx33-hvh8

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-3221, GHSA-f57c-hx33-hvh8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb5z-q7rj-j7hh

url VCID-ed3f-3bxh-eba4

vulnerability_id VCID-ed3f-3bxh-eba4

summary

activesupport vulnerable to Denial of Service via large XML document depth
The (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2015-07/msg00050.html

reference_url

http://openwall.com/lists/oss-security/2015/06/16/16

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/06/16/16

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3227.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3227

reference_id

reference_type

scores

value	0.02683
scoring_system	epss
scoring_elements	0.85849
published_at	2026-04-13T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85853
published_at	2026-04-12T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85856
published_at	2026-04-11T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85841
published_at	2026-04-09T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85831
published_at	2026-04-08T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85812
published_at	2026-04-07T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85807
published_at	2026-04-04T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85776
published_at	2026-04-01T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85789
published_at	2026-04-02T12:55:00Z

value	0.02683
scoring_system	epss
scoring_elements	0.85868
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/12f763ce1131d29d24bd0d8f868e2697a139aea3

reference_url

https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/153cc843ad95930b00b0ca91d30b599b7dec9680

reference_url

https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/78b29e08c700d889837af6c51c7debd3864abc3d

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/bahr2JLnxvk/x4EocXnHPp8J

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/bahr2JLnxvk

reference_url

https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228041703/http://www.securityfocus.com/bid/75234

reference_url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3227

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1232302
reference_id	1232302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1232302

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487
reference_id	790487
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790487

reference_url

reference_id

CVE-2015-3227

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3227

reference_url

https://github.com/advisories/GHSA-j96r-xvjq-r9pg

reference_id

GHSA-j96r-xvjq-r9pg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j96r-xvjq-r9pg

fixed_packages

url	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.4-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-3227, GHSA-j96r-xvjq-r9pg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ed3f-3bxh-eba4

url VCID-ehbj-aezy-d7h4

vulnerability_id VCID-ehbj-aezy-d7h4

summary

Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines
of Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2024-26142.

Versions Affected:  >= 7.1.0, < 7.1.3.1
Not affected:       < 7.1.0
Fixed Versions:     7.1.3.1

Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action
Dispatch to take an unexpected amount of time, possibly resulting in a DoS
vulnerability.  All users running an affected release should either upgrade or
use one of the workarounds immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby
3.2 or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 7-1-accept-redox.patch - Patch for 7.1 series

Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-26142

reference_id

reference_type

scores

value	0.03542
scoring_system	epss
scoring_elements	0.87692
published_at	2026-04-16T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87677
published_at	2026-04-13T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.8768
published_at	2026-04-12T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87685
published_at	2026-04-11T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87632
published_at	2026-04-02T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87647
published_at	2026-04-07T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87645
published_at	2026-04-04T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87674
published_at	2026-04-09T12:55:00Z

value	0.03542
scoring_system	epss
scoring_elements	0.87667
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-26142

reference_url

https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272

reference_url

https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-26142

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-26142

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2266324
reference_id	2266324
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2266324

reference_url

https://github.com/advisories/GHSA-jjhx-jhvp-74wq

reference_id

GHSA-jjhx-jhvp-74wq

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jjhx-jhvp-74wq

reference_url

https://security.netapp.com/advisory/ntap-20240503-0003/

reference_id

ntap-20240503-0003

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/

url

https://security.netapp.com/advisory/ntap-20240503-0003/

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-26142, GHSA-jjhx-jhvp-74wq

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehbj-aezy-d7h4

url VCID-es1t-7196-4kbb

vulnerability_id VCID-es1t-7196-4kbb

summary

CSRF Vulnerability in rails-ujs
There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains.

Versions Affected:  rails <= 6.0.3
Not affected:       Applications which don't use rails-ujs.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

Impact
------

This is a regression of CVE-2015-1840.

In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or action to a cross-origin URL, and the CSRF token will be sent.

Workarounds
-----------

To work around this problem, change code that allows users to control the href attribute of an anchor tag or the action attribute of a form tag to filter the user parameters.

For example, code like this:

    link_to params

to code like this:

    link_to filtered_params

    def filtered_params
      # Filter just the parameters that you trust
    end

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8167

reference_id

reference_type

scores

value	0.00592
scoring_system	epss
scoring_elements	0.69281
published_at	2026-04-16T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69242
published_at	2026-04-13T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69271
published_at	2026-04-12T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69285
published_at	2026-04-11T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69177
published_at	2026-04-01T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69245
published_at	2026-04-08T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69195
published_at	2026-04-07T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69213
published_at	2026-04-04T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69192
published_at	2026-04-02T12:55:00Z

value	0.00592
scoring_system	epss
scoring_elements	0.69263
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8167

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8167.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

reference_url

https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0

reference_url

https://hackerone.com/reports/189878

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/189878

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8167

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8167

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xq5j-gw7f-jgj8

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1843084
reference_id	1843084
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1843084

reference_url

reference_id

GHSA-xq5j-gw7f-jgj8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xq5j-gw7f-jgj8

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8167, GHSA-xq5j-gw7f-jgj8

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-es1t-7196-4kbb

url VCID-g3rk-djae-pkeh

vulnerability_id VCID-g3rk-djae-pkeh

summary

Possible Content Security Policy bypass in Action Dispatch
There is a possible Cross Site Scripting (XSS) vulnerability  in the `content_security_policy` helper in Action Pack.

Impact
------
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Credits
-------
Thanks to [ryotak](https://hackerone.com/ryotak) for the report!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-54133

reference_id

reference_type

scores

value	0.00122
scoring_system	epss
scoring_elements	0.31424
published_at	2026-04-02T12:55:00Z

value	0.00122
scoring_system	epss
scoring_elements	0.31466
published_at	2026-04-04T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40871
published_at	2026-04-12T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40906
published_at	2026-04-11T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40834
published_at	2026-04-07T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.4089
published_at	2026-04-09T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40883
published_at	2026-04-08T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40895
published_at	2026-04-16T12:55:00Z

value	0.0019
scoring_system	epss
scoring_elements	0.40852
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-54133

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49

reference_url

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49

reference_url

https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a

reference_url

https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542

reference_url

https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d

reference_url

https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/

url

https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-54133

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-54133

reference_url

https://security.netapp.com/advisory/ntap-20250306-0010

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250306-0010

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
reference_id	1089755
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2331619
reference_id	2331619
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2331619

reference_url

https://github.com/advisories/GHSA-vfm5-rmrh-j26v

reference_id

GHSA-vfm5-rmrh-j26v

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfm5-rmrh-j26v

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-54133, GHSA-vfm5-rmrh-j26v

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3rk-djae-pkeh

url VCID-g5q6-7uav-sqh1

vulnerability_id VCID-g5q6-7uav-sqh1

summary

Remote code execution via user-provided local names in ActionView
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

references

reference_url

http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/158604/Ruby-On-Rails-5.0.1-Remote-Code-Execution.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8163.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8163

reference_id

reference_type

scores

value	0.90927
scoring_system	epss
scoring_elements	0.99632
published_at	2026-04-07T12:55:00Z

value	0.90927
scoring_system	epss
scoring_elements	0.99634
published_at	2026-04-16T12:55:00Z

value	0.90927
scoring_system	epss
scoring_elements	0.99633
published_at	2026-04-13T12:55:00Z

value	0.90927
scoring_system	epss
scoring_elements	0.99631
published_at	2026-04-04T12:55:00Z

value	0.90927
scoring_system	epss
scoring_elements	0.9963
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8163

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8163

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-8163.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0

reference_url

https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0

reference_url

https://hackerone.com/reports/304805

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/304805

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8163

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8163

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1848724
reference_id	1848724
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1848724

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb
reference_id	CVE-2020-8163
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/48716.rb

reference_url

https://github.com/advisories/GHSA-cr3x-7m39-c6jq

reference_id

GHSA-cr3x-7m39-c6jq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cr3x-7m39-c6jq

fixed_packages

url	pkg:deb/debian/rails@2:5.2.0%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.0%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.0%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8163, GHSA-cr3x-7m39-c6jq

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g5q6-7uav-sqh1

url VCID-gjey-bqtd-kqa1

vulnerability_id VCID-gjey-bqtd-kqa1

summary

Action Pack contains Information Disclosure / Unintended Method Execution vulnerability
Impact
------
There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.

Vulnerable code will look like this.

```
redirect_to(params[:some_param])
```

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The FIXED releases are available at the normal locations.

Workarounds
-----------
To work around this problem, it is recommended to use an allow list for valid parameters passed from the user.  For example,

```ruby
private def check(param)
  case param
  when "valid"
    param
  else
    "/"
  end
end

def index
  redirect_to(check(params[:some_param]))
end
```

Or force the user input to be cast to a string like this,

```ruby
def index
  redirect_to(params[:some_param].to_s)
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 5-2-information-disclosure.patch - Patch for 5.2 series
* 6-0-information-disclosure.patch - Patch for 6.0 series
* 6-1-information-disclosure.patch - Patch for 6.1 series

Please note that only the 5.2, 6.0, and 6.1 series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------

Thanks to Benoit Côté-Jodoin from Shopify for reporting this.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22885.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22885

reference_id

reference_type

scores

value	0.03096
scoring_system	epss
scoring_elements	0.86805
published_at	2026-04-11T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86812
published_at	2026-04-16T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86736
published_at	2026-04-01T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86797
published_at	2026-04-13T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86746
published_at	2026-04-02T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86765
published_at	2026-04-04T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86763
published_at	2026-04-07T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86783
published_at	2026-04-08T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86791
published_at	2026-04-09T12:55:00Z

value	0.03096
scoring_system	epss
scoring_elements	0.86802
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22885

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22885.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/NiQl-48cXYI

reference_url

https://hackerone.com/reports/1106652

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1106652

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22885

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22885

reference_url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_url	https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0009/

reference_url	https://www.debian.org/security/2021/dsa-4929
reference_id
reference_type
scores
url	https://www.debian.org/security/2021/dsa-4929

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1957441
reference_id	1957441
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1957441

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id	988214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214

reference_url

reference_id

AVG-1920

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1921

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2090

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2223

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-hjg4-8q5f-x6fm

reference_url

reference_id

GHSA-hjg4-8q5f-x6fm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hjg4-8q5f-x6fm

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22885, GHSA-hjg4-8q5f-x6fm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gjey-bqtd-kqa1

url VCID-gsx2-9sc2-3fbr

vulnerability_id VCID-gsx2-9sc2-3fbr

summary

Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/bfe032858077bb2946abe25e95e485ba6da86bd5

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1

reference_url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4214.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4214

reference_id

reference_type

scores

value	0.01632
scoring_system	epss
scoring_elements	0.81937
published_at	2026-04-16T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81837
published_at	2026-04-01T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81848
published_at	2026-04-02T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.8187
published_at	2026-04-04T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81866
published_at	2026-04-07T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81893
published_at	2026-04-08T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81899
published_at	2026-04-09T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81919
published_at	2026-04-11T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81907
published_at	2026-04-12T12:55:00Z

value	0.01632
scoring_system	epss
scoring_elements	0.81902
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4214

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4214

reference_url

http://secunia.com/advisories/37446

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/37446

reference_url

http://secunia.com/advisories/38915

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/38915

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2009/11/30/ruby-on-rails-2-3-5-released

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/27/2

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/27/2

reference_url

http://www.openwall.com/lists/oss-security/2009/12/08/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/12/08/3

reference_url

http://www.securityfocus.com/bid/37142

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/37142

reference_url

http://www.securitytracker.com/id?1023245

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id?1023245

reference_url

http://www.vupen.com/english/advisories/2009/3352

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2009/3352

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=542786
reference_id	542786
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=542786

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id	558685
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-4214

reference_id

CVE-2009-4214

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-4214

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml

reference_id

CVE-2009-4214.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2009-4214.yml

reference_url

https://github.com/advisories/GHSA-9p3v-wf2w-v29c

reference_id

GHSA-9p3v-wf2w-v29c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9p3v-wf2w-v29c

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-2?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2009-4214, GHSA-9p3v-wf2w-v29c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsx2-9sc2-3fbr

url VCID-h94p-ywve-y7h9

vulnerability_id VCID-h94p-ywve-y7h9

summary

XSS Vulnerability in simple_format helper
The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6416

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.46448
published_at	2026-04-01T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46573
published_at	2026-04-16T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46516
published_at	2026-04-13T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46535
published_at	2026-04-11T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46512
published_at	2026-04-09T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46456
published_at	2026-04-07T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46507
published_at	2026-04-12T12:55:00Z

value	0.00236
scoring_system	epss
scoring_elements	0.46487
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6416

reference_url	http://seclists.org/oss-sec/2013/q4/404
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/404

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6416

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6416

reference_url

https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1036914
reference_id	1036914
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1036914

reference_url

https://github.com/advisories/GHSA-w37c-q653-qg95

reference_id

GHSA-w37c-q653-qg95

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w37c-q653-qg95

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h94p-ywve-y7h9

url VCID-hbtn-7423-m3gb

vulnerability_id VCID-hbtn-7423-m3gb

summary

Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0686.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0276

reference_id

reference_type

scores

value	0.00606
scoring_system	epss
scoring_elements	0.69678
published_at	2026-04-16T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.6957
published_at	2026-04-01T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69582
published_at	2026-04-02T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69598
published_at	2026-04-04T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69577
published_at	2026-04-07T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69627
published_at	2026-04-08T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69644
published_at	2026-04-09T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69666
published_at	2026-04-11T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69652
published_at	2026-04-12T12:55:00Z

value	0.00606
scoring_system	epss
scoring_elements	0.69637
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0276

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0276

reference_url	http://secunia.com/advisories/52112
reference_id
reference_type
scores
url	http://secunia.com/advisories/52112

reference_url	http://secunia.com/advisories/52774
reference_id
reference_type
scores
url	http://secunia.com/advisories/52774

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0276

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0276

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896

reference_url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/5

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/5

reference_url	http://www.osvdb.org/90072
reference_id
reference_type
scores
url	http://www.osvdb.org/90072

reference_url	http://www.securityfocus.com/bid/57896
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/57896

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=909528
reference_id	909528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=909528

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

reference_url

https://github.com/advisories/GHSA-gr44-7grc-37vq

reference_id

GHSA-gr44-7grc-37vq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gr44-7grc-37vq

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0686
reference_id	RHSA-2013:0686
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0686

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0276, GHSA-gr44-7grc-37vq, OSV-90072

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbtn-7423-m3gb

url VCID-hmp2-rmzv-wkhg

vulnerability_id VCID-hmp2-rmzv-wkhg

summary

Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2929

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-12T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74301
published_at	2026-04-11T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.7428
published_at	2026-04-09T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74259
published_at	2026-04-04T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74232
published_at	2026-04-07T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74228
published_at	2026-04-01T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74265
published_at	2026-04-08T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74311
published_at	2026-04-16T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74274
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2929

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731432

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731432

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml

reference_url

https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2929

reference_id

CVE-2011-2929

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2929

reference_url

https://github.com/advisories/GHSA-r7q2-5gqg-6c7q

reference_id

GHSA-r7q2-5gqg-6c7q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r7q2-5gqg-6c7q

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2929, GHSA-r7q2-5gqg-6c7q

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmp2-rmzv-wkhg

url VCID-hppf-a715-r7b2

vulnerability_id VCID-hppf-a715-r7b2

summary

ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22795

reference_id

reference_type

scores

value	0.01523
scoring_system	epss
scoring_elements	0.81303
published_at	2026-04-16T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.8121
published_at	2026-04-02T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81234
published_at	2026-04-07T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81262
published_at	2026-04-08T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81267
published_at	2026-04-09T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81288
published_at	2026-04-11T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81274
published_at	2026-04-12T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81266
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f

reference_url

https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0

reference_url

https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id	2164799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164799

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22795

reference_id

CVE-2023-22795

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22795

reference_url

https://github.com/advisories/GHSA-8xww-x3g3-6jcv

reference_id

GHSA-8xww-x3g3-6jcv

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xww-x3g3-6jcv

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2

url VCID-hr2h-y693-sbgc

vulnerability_id VCID-hr2h-y693-sbgc

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3464.json

reference_url

reference_id

reference_type

scores

value	0.00333
scoring_system	epss
scoring_elements	0.56171
published_at	2026-04-16T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56137
published_at	2026-04-13T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56153
published_at	2026-04-12T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56177
published_at	2026-04-11T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56166
published_at	2026-04-09T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-08T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.56001
published_at	2026-04-01T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5613
published_at	2026-04-04T12:55:00Z

value	0.00333
scoring_system	epss
scoring_elements	0.5611
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3464

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3464

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce

reference_url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23

reference_url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870

reference_url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc

reference_url

https://github.com/rails/rails/issues/7215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/issues/7215

reference_url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain

reference_url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=847199
reference_id	847199
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=847199

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_id

CVE-2012-3464

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3464

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_id

CVE-2012-3464.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml

reference_url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_id

GHSA-h835-75hw-pj89

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-h835-75hw-pj89

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-3464, GHSA-h835-75hw-pj89, OSV-84516

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hr2h-y693-sbgc

url VCID-j24x-nhsb-yug6

vulnerability_id VCID-j24x-nhsb-yug6

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html

reference_url

http://openwall.com/lists/oss-security/2011/06/09/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/06/09/2

reference_url

http://openwall.com/lists/oss-security/2011/06/13/9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/06/13/9

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2197

reference_id

reference_type

scores

value	0.00442
scoring_system	epss
scoring_elements	0.63314
published_at	2026-04-16T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.6319
published_at	2026-04-01T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63249
published_at	2026-04-02T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63278
published_at	2026-04-13T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63243
published_at	2026-04-07T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63295
published_at	2026-04-08T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63313
published_at	2026-04-09T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.6333
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2197

reference_url	http://secunia.com/advisories/44789
reference_id
reference_type
scores
url	http://secunia.com/advisories/44789

reference_url

https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd

reference_url

https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da

reference_url

http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2197

reference_id

CVE-2011-2197

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2197

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml

reference_id

CVE-2011-2197.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml

reference_url

https://github.com/advisories/GHSA-v9v4-7jp6-8c73

reference_id

GHSA-v9v4-7jp6-8c73

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v9v4-7jp6-8c73

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j24x-nhsb-yug6

url VCID-j7p8-hchp-xbe3

vulnerability_id VCID-j7p8-hchp-xbe3

summary

Unsafe Query Generation Risk in Ruby on Rails
Due to the way Active Record interprets parameters in combination with the way that JSON parameters are parsed, it is possible for an attacker to issue unexpected database queries with "IS NULL" or empty where clauses. This issue does *not* let an attacker insert arbitrary values into an SQL query, however they can cause the query to check for NULL or eliminate a WHERE clause when most users wouldn't expect it.

references

reference_url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0155.json

reference_url

reference_id

reference_type

scores

value	0.18174
scoring_system	epss
scoring_elements	0.95199
published_at	2026-04-16T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95166
published_at	2026-04-02T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95167
published_at	2026-04-04T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95171
published_at	2026-04-07T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95178
published_at	2026-04-08T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95182
published_at	2026-04-09T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95188
published_at	2026-04-12T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95191
published_at	2026-04-13T12:55:00Z

value	0.18174
scoring_system	epss
scoring_elements	0.95155
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0155.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI

reference_url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0155

reference_url	https://puppet.com/security/cve/cve-2013-0155
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2013-0155

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2013/dsa-2609

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=892866
reference_id	892866
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=892866

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:::::::*

reference_url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_id

GHSA-gppp-5xc5-wfpx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gppp-5xc5-wfpx

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0155, GHSA-gppp-5xc5-wfpx, OSV-89025

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j7p8-hchp-xbe3

url VCID-j8zg-kq3z-jqcm

vulnerability_id VCID-j8zg-kq3z-jqcm

summary

Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_id

reference_type

scores

value	0.00712
scoring_system	epss
scoring_elements	0.72327
published_at	2026-04-16T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72239
published_at	2026-04-01T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72245
published_at	2026-04-02T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72265
published_at	2026-04-04T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72241
published_at	2026-04-07T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.7228
published_at	2026-04-08T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72292
published_at	2026-04-09T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72314
published_at	2026-04-11T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72297
published_at	2026-04-12T12:55:00Z

value	0.00712
scoring_system	epss
scoring_elements	0.72284
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-3933

reference_url	http://secunia.com/advisories/41930
reference_id
reference_type
scores
url	http://secunia.com/advisories/41930

reference_url	http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url	http://securitytracker.com/id?1024624

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae

reference_url

https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585

reference_url

https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html

reference_url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930

reference_url

https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624

reference_url

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

reference_url	http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2010/2719

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-3933

reference_id

CVE-2010-3933

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2010-3933

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml

reference_id

CVE-2010-3933.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml

reference_url

https://github.com/advisories/GHSA-gjxw-5w2q-7grf

reference_id

GHSA-gjxw-5w2q-7grf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gjxw-5w2q-7grf

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zg-kq3z-jqcm

url VCID-jwun-grgg-2uet

vulnerability_id VCID-jwun-grgg-2uet

summary

Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_id

reference_type

scores

value	0.00367
scoring_system	epss
scoring_elements	0.58669
published_at	2026-04-09T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58687
published_at	2026-04-11T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58648
published_at	2026-04-13T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5868
published_at	2026-04-16T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58667
published_at	2026-04-12T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58623
published_at	2026-04-02T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5861
published_at	2026-04-07T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58643
published_at	2026-04-04T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58662
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23634

reference_id

reference_type

scores

value	0.00441
scoring_system	epss
scoring_elements	0.63267
published_at	2026-04-09T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.6327
published_at	2026-04-16T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63233
published_at	2026-04-13T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63269
published_at	2026-04-12T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63284
published_at	2026-04-11T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.6325
published_at	2026-04-08T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63198
published_at	2026-04-07T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63789
published_at	2026-04-04T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63763
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23634

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml

reference_url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/

reference_url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_url

https://security.gentoo.org/glsa/202208-28

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-28

reference_url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_url	https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240119-0013/

reference_url

https://www.debian.org/security/2022/dsa-5146

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5146

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id	1005389
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
reference_id	1005391
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054211
reference_id	2054211
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054211

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2063149
reference_id	2063149
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2063149

reference_url

https://security.archlinux.org/AVG-2764

reference_id

AVG-2764

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2764

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_id

CVE-2022-23633

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23634

reference_id

CVE-2022-23634

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23634

reference_url

https://github.com/advisories/GHSA-rmj8-8hhh-gv5h

reference_id

GHSA-rmj8-8hhh-gv5h

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rmj8-8hhh-gv5h

reference_url

https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

reference_id

GHSA-rmj8-8hhh-gv5h

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

reference_url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

reference_url	https://access.redhat.com/errata/RHSA-2022:5498
reference_id	RHSA-2022:5498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5498

reference_url	https://usn.ubuntu.com/6682-1/
reference_id	USN-6682-1
reference_type
scores
url	https://usn.ubuntu.com/6682-1/

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-23633, CVE-2022-23634, GHSA-rmj8-8hhh-gv5h, GHSA-wh98-p28r-vrc9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwun-grgg-2uet

url VCID-kcj2-v7av-47cv

vulnerability_id VCID-kcj2-v7av-47cv

summary

Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4491

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json

reference_url

reference_id

reference_type

scores

value	0.00713
scoring_system	epss
scoring_elements	0.72345
published_at	2026-04-16T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72283
published_at	2026-04-04T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72259
published_at	2026-04-07T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72298
published_at	2026-04-08T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.7231
published_at	2026-04-09T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72333
published_at	2026-04-11T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72316
published_at	2026-04-12T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72303
published_at	2026-04-13T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72258
published_at	2026-04-01T12:55:00Z

value	0.00713
scoring_system	epss
scoring_elements	0.72264
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/401
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/401

reference_url

https://github.com/advisories/GHSA-699m-mcjm-9cw8

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-699m-mcjm-9cw8

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4491

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4491

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1036922
reference_id	1036922
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1036922

reference_url	https://access.redhat.com/errata/RHSA-2013:1794
reference_id	RHSA-2013:1794
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1794

reference_url	https://access.redhat.com/errata/RHSA-2014:0008
reference_id	RHSA-2014:0008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0008

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcj2-v7av-47cv

url VCID-kkbt-pr7u-f7gn

vulnerability_id VCID-kkbt-pr7u-f7gn

summary

Active Record contains SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 2.3.15, 3.0.x before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.

references

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_url	http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
reference_id
reference_type
scores
url	http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0220.html

reference_url	http://rhn.redhat.com/errata/RHSA-2013-0155.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2013-0155.html

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0220.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0544.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6496.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6496

reference_id

reference_type

scores

value	0.01017
scoring_system	epss
scoring_elements	0.77217
published_at	2026-04-16T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77122
published_at	2026-04-02T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77151
published_at	2026-04-04T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77133
published_at	2026-04-07T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77166
published_at	2026-04-08T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77174
published_at	2026-04-09T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77202
published_at	2026-04-11T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77181
published_at	2026-04-12T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77177
published_at	2026-04-13T12:55:00Z

value	0.01017
scoring_system	epss
scoring_elements	0.77115
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6496

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=889649

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=889649

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6496

reference_url

http://security.gentoo.org/glsa/glsa-201401-22.xml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://security.gentoo.org/glsa/glsa-201401-22.xml

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/9de9b359d0d24f70f0f6c5c58a7ad8750684d456

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

reference_url

https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/23daa048baf28b64?dmode=source&output=gplain

reference_url	http://www.securityfocus.com/bid/57084
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/57084

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

100

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6496

reference_id

CVE-2012-6496

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6496

101

reference_url

https://github.com/advisories/GHSA-gh2w-j7cx-2664

reference_id

GHSA-gh2w-j7cx-2664

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gh2w-j7cx-2664

102

reference_url	https://security.gentoo.org/glsa/201401-22
reference_id	GLSA-201401-22
reference_type
scores
url	https://security.gentoo.org/glsa/201401-22

103

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

104

reference_url	https://access.redhat.com/errata/RHSA-2013:0155
reference_id	RHSA-2013:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0155

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-6496, GHSA-gh2w-j7cx-2664, OSV-88661

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkbt-pr7u-f7gn

url VCID-knsd-pv15-tydx

vulnerability_id VCID-knsd-pv15-tydx

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2931

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74293
published_at	2026-04-16T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74208
published_at	2026-04-01T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74214
published_at	2026-04-02T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7424
published_at	2026-04-04T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74213
published_at	2026-04-07T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74246
published_at	2026-04-08T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7426
published_at	2026-04-09T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-11T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74263
published_at	2026-04-12T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74256
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2931

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731436

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931

reference_url	http://secunia.com/advisories/45921
reference_id
reference_type
scores
url	http://secunia.com/advisories/45921

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2931

reference_id

CVE-2011-2931

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2931

reference_url

https://github.com/advisories/GHSA-v5jg-558j-q67c

reference_id

GHSA-v5jg-558j-q67c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v5jg-558j-q67c

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2931, GHSA-v5jg-558j-q67c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knsd-pv15-tydx

url VCID-kr1b-uct1-7kf6

vulnerability_id VCID-kr1b-uct1-7kf6

summary

Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3186

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.74274
published_at	2026-04-13T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-12T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74301
published_at	2026-04-11T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.7428
published_at	2026-04-09T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74259
published_at	2026-04-04T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74232
published_at	2026-04-07T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74228
published_at	2026-04-01T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74265
published_at	2026-04-08T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74311
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3186

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=732156

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=732156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

reference_url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-3186

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-3186

reference_url

https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://github.com/advisories/GHSA-fcqf-h4h4-695m

reference_id

GHSA-fcqf-h4h4-695m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcqf-h4h4-695m

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-3186, GHSA-fcqf-h4h4-695m, OSV-74616

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kr1b-uct1-7kf6

url VCID-mep3-6sub-ykdk

vulnerability_id VCID-mep3-6sub-ykdk

summary

Denial of Service Vulnerability when using render :text
Strings sent in specially crafted headers will be converted to symbols.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-02/msg00081.html

reference_url

http://openwall.com/lists/oss-security/2014/02/18/10

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/10

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0082

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0082.json

reference_url

reference_id

reference_type

scores

value	0.06456
scoring_system	epss
scoring_elements	0.91056
published_at	2026-04-08T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91044
published_at	2026-04-07T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91026
published_at	2026-04-02T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91096
published_at	2026-04-16T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91071
published_at	2026-04-13T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91062
published_at	2026-04-09T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91035
published_at	2026-04-04T12:55:00Z

value	0.06456
scoring_system	epss
scoring_elements	0.91021
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0081

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0082

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0130

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-0082.yml

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/LMxO_3_eCuc

reference_url

https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207044540/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ

reference_url

https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20220315115444/https://puppet.com/security/cve/cve-2014-0082

reference_url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065538
reference_id	1065538
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065538

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0082

reference_id

CVE-2014-0082

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0082

reference_url

https://github.com/advisories/GHSA-7cgp-c3g7-qvrw

reference_id

GHSA-7cgp-c3g7-qvrw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7cgp-c3g7-qvrw

reference_url	https://access.redhat.com/errata/RHSA-2014:0215
reference_id	RHSA-2014:0215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0215

reference_url	https://access.redhat.com/errata/RHSA-2014:0306
reference_id	RHSA-2014:0306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0306

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-0082, GHSA-7cgp-c3g7-qvrw, OSV-103440

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mep3-6sub-ykdk

url VCID-mnkw-23eu-bkgc

vulnerability_id VCID-mnkw-23eu-bkgc

summary

Ability to forge per-form CSRF tokens in Rails
It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Impact
------

Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.

Workarounds
-----------

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8166.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8166

reference_id

reference_type

scores

value	0.00443
scoring_system	epss
scoring_elements	0.63345
published_at	2026-04-16T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63311
published_at	2026-04-13T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63348
published_at	2026-04-12T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63364
published_at	2026-04-11T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63347
published_at	2026-04-09T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63329
published_at	2026-04-08T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63278
published_at	2026-04-07T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63312
published_at	2026-04-04T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63284
published_at	2026-04-02T12:55:00Z

value	0.00443
scoring_system	epss
scoring_elements	0.63225
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8166.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw

reference_url	https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw
reference_id
reference_type
scores
url	https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw

reference_url

https://hackerone.com/reports/732415

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/732415

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8166

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8166

reference_url	https://www.debian.org/security/2020/dsa-4766
reference_id
reference_type
scores
url	https://www.debian.org/security/2020/dsa-4766

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1843152
reference_id	1843152
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1843152

reference_url

https://github.com/advisories/GHSA-jp5v-5gx4-jmj9

reference_id

GHSA-jp5v-5gx4-jmj9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jp5v-5gx4-jmj9

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8166, GHSA-jp5v-5gx4-jmj9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mnkw-23eu-bkgc

url VCID-msda-xqbp-qfdd

vulnerability_id VCID-msda-xqbp-qfdd

summary

Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack.

Versions Affected:  >= v6.1.0.rc2
Not affected:       < v6.1.0.rc2
Fixed Versions:     6.1.3.2

Impact
------
This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious
website.

Since rails/rails@9bc7ea5, strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << "sub.example.com" to permit a request with a Host header value of sub-example.com.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
The following monkey patch put in an initializer can be used as a workaround.

```ruby
class ActionDispatch::HostAuthorization::Permissions
  def sanitize_string(host)
    if host.start_with?(".")
      /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/i
    else
      /\A#{Regexp.escape host}\z/i
    end
  end
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 6-1-open-redirect.patch - Patch for 6.1 series

Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------

Thanks Jonathan Hefner (https://hackerone.com/jonathanhefner) for reporting this bug!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22903

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.35808
published_at	2026-04-16T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35768
published_at	2026-04-13T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35791
published_at	2026-04-12T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.3592
published_at	2026-04-04T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35831
published_at	2026-04-11T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35823
published_at	2026-04-09T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35801
published_at	2026-04-08T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35693
published_at	2026-04-01T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35751
published_at	2026-04-07T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.3589
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22903

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0

reference_url

https://hackerone.com/reports/1148025

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1148025

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22903

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22903

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1957438
reference_id	1957438
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1957438

reference_url

https://security.archlinux.org/AVG-1919

reference_id

AVG-1919

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1919

reference_url

https://github.com/advisories/GHSA-5hq2-xf89-9jxq

reference_id

GHSA-5hq2-xf89-9jxq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5hq2-xf89-9jxq

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22903, GHSA-5hq2-xf89-9jxq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msda-xqbp-qfdd

url VCID-n5fx-u6fs-vydu

vulnerability_id VCID-n5fx-u6fs-vydu

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

references

reference_url

http://openwall.com/lists/oss-security/2014/02/18/9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/9

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0080

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48114
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48053
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48003
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48056
published_at	2026-04-08T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4805
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48074
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48062
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47995
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48033
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0080

reference_url

https://github.com/advisories/GHSA-hqf9-rc9j-5fmj

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-hqf9-rc9j-5fmj

reference_url

https://github.com/rails/rails/tree/main/activerecord

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/activerecord

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s

reference_url

https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065517
reference_id	1065517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065517

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0080

reference_id

CVE-2014-0080

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0080

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5fx-u6fs-vydu

url VCID-n8r7-wthv-fqaj

vulnerability_id VCID-n8r7-wthv-fqaj

summary

Active Record RCE bug with Serialized Columns
When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE.

There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json

reference_id

reference_type

scores

value	9.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_id

reference_type

scores

value	0.01864
scoring_system	epss
scoring_elements	0.83096
published_at	2026-04-16T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83009
published_at	2026-04-02T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83023
published_at	2026-04-04T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.8302
published_at	2026-04-07T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83045
published_at	2026-04-08T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83052
published_at	2026-04-09T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83068
published_at	2026-04-11T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83062
published_at	2026-04-12T12:55:00Z

value	0.01864
scoring_system	epss
scoring_elements	0.83057
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-32224

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32224

reference_url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

reference_url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a

reference_url

https://github.com/rails/rails/commits/main/activerecord

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commits/main/activerecord

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-24T15:17:17Z/

url

https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-32224

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140
reference_id	1016140
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016140

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2108997
reference_id	2108997
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2108997

reference_url	https://security.gentoo.org/glsa/202408-24
reference_id	GLSA-202408-24
reference_type
scores
url	https://security.gentoo.org/glsa/202408-24

reference_url	https://access.redhat.com/errata/RHSA-2023:0261
reference_id	RHSA-2023:0261
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0261

reference_url	https://access.redhat.com/errata/RHSA-2023:1151
reference_id	RHSA-2023:1151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1151

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-32224, GHSA-3hhc-qp5v-9p2j, GMS-2022-3029

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8r7-wthv-fqaj

url VCID-nf8s-2aaa-17fw

vulnerability_id VCID-nf8s-2aaa-17fw

summary

Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0469.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0469.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6417

reference_id

reference_type

scores

value	0.00512
scoring_system	epss
scoring_elements	0.66439
published_at	2026-04-07T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66468
published_at	2026-04-04T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66402
published_at	2026-04-01T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66512
published_at	2026-04-16T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66477
published_at	2026-04-13T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66508
published_at	2026-04-12T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.6652
published_at	2026-04-11T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66501
published_at	2026-04-09T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66487
published_at	2026-04-08T12:55:00Z

value	0.00512
scoring_system	epss
scoring_elements	0.66441
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6417

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/403
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/403

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6417

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6417

reference_url

https://puppet.com/security/cve/cve-2013-6417

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-6417

reference_url

https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wpw7-wxjm-cw8r

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1036409
reference_id	1036409
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1036409

reference_url

reference_id

GHSA-wpw7-wxjm-cw8r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wpw7-wxjm-cw8r

reference_url	https://access.redhat.com/errata/RHSA-2013:1794
reference_id	RHSA-2013:1794
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1794

reference_url	https://access.redhat.com/errata/RHSA-2014:0008
reference_id	RHSA-2014:0008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0008

reference_url	https://access.redhat.com/errata/RHSA-2014:0469
reference_id	RHSA-2014:0469
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0469

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nf8s-2aaa-17fw

url VCID-nk6g-hhsk-8kaw

vulnerability_id VCID-nk6g-hhsk-8kaw

summary

Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0
There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0277.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0277

reference_id

reference_type

scores

value	0.06742
scoring_system	epss
scoring_elements	0.91286
published_at	2026-04-13T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91287
published_at	2026-04-12T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91283
published_at	2026-04-11T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91241
published_at	2026-04-02T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91311
published_at	2026-04-16T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91236
published_at	2026-04-01T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91277
published_at	2026-04-09T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.9127
published_at	2026-04-08T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91257
published_at	2026-04-07T12:55:00Z

value	0.06742
scoring_system	epss
scoring_elements	0.91251
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0277

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277

reference_url	http://secunia.com/advisories/52112
reference_id
reference_type
scores
url	http://secunia.com/advisories/52112

reference_url

http://securitytracker.com/id?1028109

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://securitytracker.com/id?1028109

reference_url

https://github.com/rails/rails/tree/v6.1.4.1/activerecord

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/v6.1.4.1/activerecord

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0277.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KtmwSbEpzrU

reference_url

https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/302ec7ce90f13837?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0277

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0277

reference_url

https://puppet.com/security/cve/cve-2013-0277

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-0277

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/6

reference_url

reference_id

reference_type

scores

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/11/6

reference_url	http://www.osvdb.org/90073
reference_id
reference_type
scores
url	http://www.osvdb.org/90073

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=909633
reference_id	909633
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=909633

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

reference_url

https://github.com/advisories/GHSA-fhj9-cjjh-27vm

reference_id

GHSA-fhj9-cjjh-27vm

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fhj9-cjjh-27vm

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-0277, GHSA-fhj9-cjjh-27vm, OSV-90073

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nk6g-hhsk-8kaw

url VCID-nzeb-cy9e-tkax

vulnerability_id VCID-nzeb-cy9e-tkax

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

references

reference_url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
reference_id
reference_type
scores
url	http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url	http://gist.github.com/8946
reference_id
reference_type
scores
url	http://gist.github.com/8946

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/288

reference_url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rails.lighthouseapp.com/projects/8994/tickets/964

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_id

reference_type

scores

value	0.03119
scoring_system	epss
scoring_elements	0.86856
published_at	2026-04-16T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86782
published_at	2026-04-01T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86793
published_at	2026-04-02T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86812
published_at	2026-04-04T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86806
published_at	2026-04-07T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86826
published_at	2026-04-08T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86834
published_at	2026-04-09T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86847
published_at	2026-04-11T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86844
published_at	2026-04-12T12:55:00Z

value	0.03119
scoring_system	epss
scoring_elements	0.86839
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-4094

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4094

reference_url	http://secunia.com/advisories/31875
reference_id
reference_type
scores
url	http://secunia.com/advisories/31875

reference_url	http://secunia.com/advisories/31909
reference_id
reference_type
scores
url	http://secunia.com/advisories/31909

reference_url	http://secunia.com/advisories/31910
reference_id
reference_type
scores
url	http://secunia.com/advisories/31910

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/45109

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ef0ea782b1f5cf7b08e74ea3002a16c708f66645

reference_url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620000955/http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1

reference_url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201733/http://blog.innerewut.de/files/rails/activerecord-1.15.3.patch

reference_url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20080620201744/http://blog.innerewut.de/files/rails/activerecord-2.0.2.patch

reference_url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081104151751/http://gist.github.com/8946

reference_url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875

reference_url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/
reference_id
reference_type
scores
url	https://web.archive.org/web/20081113122736/http://secunia.com/advisories/31875/

reference_url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211431/http://secunia.com/advisories/31909

reference_url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20081207211436/http://secunia.com/advisories/31910

reference_url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20091101000000*/http://www.vupen.com/english/advisories/2008/2562

reference_url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20120120194518/http://www.securityfocus.com/bid/31176

reference_url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201207112829/http://www.securitytracker.com/id?1020871

reference_url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/13/2

reference_url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2008/09/16/1

reference_url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter

reference_url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
reference_id
reference_type
scores
url	http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/

reference_url	http://www.securityfocus.com/bid/31176
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/31176

reference_url	http://www.securitytracker.com/id?1020871
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020871

reference_url	http://www.vupen.com/english/advisories/2008/2562
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/2562

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791
reference_id	500791
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500791

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_id

CVE-2008-4094

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-4094

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_id

CVE-2008-4094.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2008-4094.yml

reference_url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_id

GHSA-xf96-32q2-9rw2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xf96-32q2-9rw2

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.1.0-1?distro=trixie
purl	pkg:deb/debian/rails@2.1.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-4094, GHSA-xf96-32q2-9rw2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nzeb-cy9e-tkax

url VCID-p22r-u1dd-b7b3

vulnerability_id VCID-p22r-u1dd-b7b3

summary

Missing security headers in Action Pack on non-HTML responses
# Permissions-Policy is Only Served on HTML Content-Type

The application configurable Permissions-Policy is only served on responses
with an HTML related Content-Type.

This has been assigned the CVE identifier CVE-2024-28103.


Versions Affected:  >= 6.1.0
Not affected:       < 6.1.0
Fixed Versions:     6.1.7.8, 7.0.8.4, and 7.1.3.4

Impact
------
Responses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
N/A

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the supported release series in accordance with our 
[maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues)
regarding security issues. They are in git-am format and consist of a
single changeset.

* 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series
* 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series
* 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series



Credits
-------

Thank you [shinkbr](https://hackerone.com/shinkbr) for reporting this!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28103

reference_id

reference_type

scores

value	0.00832
scoring_system	epss
scoring_elements	0.74613
published_at	2026-04-16T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74576
published_at	2026-04-13T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74585
published_at	2026-04-12T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74604
published_at	2026-04-11T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74581
published_at	2026-04-09T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74565
published_at	2026-04-08T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74533
published_at	2026-04-07T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74559
published_at	2026-04-04T12:55:00Z

value	0.00832
scoring_system	epss
scoring_elements	0.74532
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28103

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/

url

https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523

reference_url

https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/

url

https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28103

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28103

reference_url

https://security.netapp.com/advisory/ntap-20241206-0002

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20241206-0002

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
reference_id	1072705
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2290530
reference_id	2290530
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2290530

reference_url

https://github.com/advisories/GHSA-fwhr-88qx-h9g7

reference_id

GHSA-fwhr-88qx-h9g7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fwhr-88qx-h9g7

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-28103, GHSA-fwhr-88qx-h9g7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p22r-u1dd-b7b3

url VCID-p5mc-r1rg-5ff7

vulnerability_id VCID-p5mc-r1rg-5ff7

summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27777

reference_id

reference_type

scores

value	0.00911
scoring_system	epss
scoring_elements	0.7586
published_at	2026-04-16T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75823
published_at	2026-04-13T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75829
published_at	2026-04-12T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75848
published_at	2026-04-11T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75824
published_at	2026-04-09T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75812
published_at	2026-04-08T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.7578
published_at	2026-04-07T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75801
published_at	2026-04-04T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75768
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85

reference_url

https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-27777

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
reference_id	1016982
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2080296
reference_id	2080296
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2080296

reference_url

reference_id

CVE-2022-27777

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-27777

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml

reference_id

CVE-2022-27777.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml

reference_url

https://github.com/advisories/GHSA-ch3h-j2vf-95pv

reference_id

GHSA-ch3h-j2vf-95pv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ch3h-j2vf-95pv

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5mc-r1rg-5ff7

url VCID-pb5f-g4uc-r7fp

vulnerability_id VCID-pb5f-g4uc-r7fp

summary

Possible Input Validation Circumvention
Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt-out of input verification using the `permit!` method to allow mass assignment.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0753

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0753.json

reference_url

reference_id

reference_type

scores

value	0.02328
scoring_system	epss
scoring_elements	0.84843
published_at	2026-04-16T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84748
published_at	2026-04-01T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84763
published_at	2026-04-02T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84782
published_at	2026-04-04T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84783
published_at	2026-04-07T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84806
published_at	2026-04-08T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84812
published_at	2026-04-09T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84831
published_at	2026-04-11T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84827
published_at	2026-04-12T12:55:00Z

value	0.02328
scoring_system	epss
scoring_elements	0.84822
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0753

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml

reference_url	https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ

reference_url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816

reference_url

https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247

reference_url

https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/14

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/14

reference_url	http://www.securityfocus.com/bid/82247
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/82247

reference_url	http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301973
reference_id	1301973
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301973

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:22:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:22:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:23:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:23:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_id

CVE-2016-0753

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0753

reference_url

https://github.com/advisories/GHSA-543v-gj2c-r3ch

reference_id

GHSA-543v-gj2c-r3ch

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-543v-gj2c-r3ch

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-0753, GHSA-543v-gj2c-r3ch

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pb5f-g4uc-r7fp

url VCID-pd5s-1xsg-f7a5

vulnerability_id VCID-pd5s-1xsg-f7a5

summary

Rails has a possible XSS vulnerability in its Action Pack debug exceptions
### Impact
The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development.

### Releases
The fixed releases are available at the normal locations.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33167

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.04946
published_at	2026-04-16T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04965
published_at	2026-04-02T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.04992
published_at	2026-04-04T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05014
published_at	2026-04-07T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05047
published_at	2026-04-08T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05063
published_at	2026-04-09T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05041
published_at	2026-04-11T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05023
published_at	2026-04-12T12:55:00Z

value	0.00019
scoring_system	epss
scoring_elements	0.05005
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0

reference_url

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/

url

https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0

reference_url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/

url

https://github.com/rails/rails/releases/tag/v8.1.2.1

reference_url

https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6

reference_id

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/

url

https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-33167

reference_id

reference_type

scores

value	1.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33167

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2450552
reference_id	2450552
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2450552

reference_url

https://github.com/advisories/GHSA-pgm4-439c-5jp6

reference_id

GHSA-pgm4-439c-5jp6

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pgm4-439c-5jp6

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2026-33167, GHSA-pgm4-439c-5jp6

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd5s-1xsg-f7a5

url VCID-pmrb-t3bm-zkb6

vulnerability_id VCID-pmrb-t3bm-zkb6

summary

Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

reference_url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6414

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json

reference_url

reference_id

reference_type

scores

value	0.70843
scoring_system	epss
scoring_elements	0.98688
published_at	2026-04-02T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.98687
published_at	2026-04-01T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.98702
published_at	2026-04-16T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.987
published_at	2026-04-13T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.98699
published_at	2026-04-12T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.98696
published_at	2026-04-09T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.98695
published_at	2026-04-07T12:55:00Z

value	0.70843
scoring_system	epss
scoring_elements	0.98691
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417

reference_url	http://seclists.org/oss-sec/2013/q4/400
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2013/q4/400

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ

reference_url

https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg

reference_url

https://puppet.com/security/cve/cve-2013-6414

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://puppet.com/security/cve/cve-2013-6414

reference_url

https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836

reference_url

https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414

reference_url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

reference_url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release

reference_url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url	http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1036483
reference_id	1036483
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1036483

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-6414

reference_id

CVE-2013-6414

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-6414

reference_url

https://github.com/advisories/GHSA-mpxf-gcw2-pw5q

reference_id

GHSA-mpxf-gcw2-pw5q

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mpxf-gcw2-pw5q

reference_url	https://access.redhat.com/errata/RHSA-2013:1794
reference_id	RHSA-2013:1794
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1794

reference_url	https://access.redhat.com/errata/RHSA-2014:0008
reference_id	RHSA-2014:0008
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0008

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrb-t3bm-zkb6

url VCID-r1u7-1avr-fqbs

vulnerability_id VCID-r1u7-1avr-fqbs

summary

Moderate severity vulnerability that affects rails
Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-5379

reference_id

reference_type

scores

value	0.10596
scoring_system	epss
scoring_elements	0.93263
published_at	2026-04-02T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93255
published_at	2026-04-01T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93269
published_at	2026-04-04T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93301
published_at	2026-04-16T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93284
published_at	2026-04-13T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93283
published_at	2026-04-12T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93285
published_at	2026-04-11T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93281
published_at	2026-04-09T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93276
published_at	2026-04-08T12:55:00Z

value	0.10596
scoring_system	epss
scoring_elements	0.93268
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-5379

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5379

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090602000500/http://dev.rubyonrails.org/ticket/8453

reference_url	http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5379

reference_url

reference_id

CVE-2007-5379

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5379

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml

reference_id

CVE-2007-5379.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5379.yml

reference_url

https://github.com/advisories/GHSA-fjfg-q662-gm6j

reference_id

GHSA-fjfg-q662-gm6j

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fjfg-q662-gm6j

reference_url	https://security.gentoo.org/glsa/200711-17
reference_id	GLSA-200711-17
reference_type
scores
url	https://security.gentoo.org/glsa/200711-17

fixed_packages

url	pkg:deb/debian/rails@1.2.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-5379, GHSA-fjfg-q662-gm6j, OSV-40717

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1u7-1avr-fqbs

url VCID-rps2-k24p-9qgq

vulnerability_id VCID-rps2-k24p-9qgq

summary

Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.

references

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1

reference_url

http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain

reference_url

http://openwall.com/lists/oss-security/2011/11/18/8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2011/11/18/8

reference_url	http://osvdb.org/77199
reference_id
reference_type
scores
url	http://osvdb.org/77199

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4319

reference_id

reference_type

scores

value	0.00607
scoring_system	epss
scoring_elements	0.6969
published_at	2026-04-12T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69705
published_at	2026-04-11T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69684
published_at	2026-04-09T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69666
published_at	2026-04-08T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69615
published_at	2026-04-07T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69607
published_at	2026-04-01T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69718
published_at	2026-04-16T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69677
published_at	2026-04-13T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69636
published_at	2026-04-04T12:55:00Z

value	0.00607
scoring_system	epss
scoring_elements	0.69621
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4319

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/71364

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/71364

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c

reference_url

https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade

reference_url	https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU

reference_url

https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722

reference_url

https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342

reference_url

http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released

reference_url

http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released

reference_url	http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/50722

reference_url	http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1026342

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=755004
reference_id	755004
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=755004

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-4319

reference_id

CVE-2011-4319

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-4319

reference_url

https://github.com/advisories/GHSA-xxr8-833v-c7wc

reference_id

GHSA-xxr8-833v-c7wc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xxr8-833v-c7wc

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rps2-k24p-9qgq

url VCID-rq7w-zmh4-17e1

vulnerability_id VCID-rq7w-zmh4-17e1

summary

SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html

reference_url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json

reference_url

reference_id

reference_type

scores

value	0.0073
scoring_system	epss
scoring_elements	0.72694
published_at	2026-04-16T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72679
published_at	2026-04-11T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72662
published_at	2026-04-12T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72652
published_at	2026-04-13T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72604
published_at	2026-04-01T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72611
published_at	2026-04-02T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72628
published_at	2026-04-04T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72605
published_at	2026-04-07T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72644
published_at	2026-04-08T12:55:00Z

value	0.0073
scoring_system	epss
scoring_elements	0.72656
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-2661

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661

reference_url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml

reference_url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-2661

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id	827363
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=827363

reference_url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_id

GHSA-fh39-v733-mxfr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fh39-v733-mxfr

reference_url	https://access.redhat.com/errata/RHSA-2012:1542
reference_id	RHSA-2012:1542
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:1542

reference_url	https://access.redhat.com/errata/RHSA-2013:0154
reference_id	RHSA-2013:0154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0154

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq7w-zmh4-17e1

url VCID-rqfj-8y7h-eqgm

vulnerability_id VCID-rqfj-8y7h-eqgm

summary

ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.

This has been assigned the CVE identifier CVE-2024-32464.


Versions Affected:  >= 7.1.0
Not affected:       < 7.1.0
Fixed Versions:     7.1.3.4

Impact
------
This could lead to a potential cross site scripting issue within the Trix editor.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
N/A

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.

* action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series



Credits
-------

Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-32464

reference_id

reference_type

scores

value	0.0028
scoring_system	epss
scoring_elements	0.5138
published_at	2026-04-04T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51354
published_at	2026-04-02T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51443
published_at	2026-04-16T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.514
published_at	2026-04-13T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51414
published_at	2026-04-12T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51435
published_at	2026-04-11T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51392
published_at	2026-04-09T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51393
published_at	2026-04-08T12:55:00Z

value	0.0028
scoring_system	epss
scoring_elements	0.51339
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-32464

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/

url

https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995

reference_url

https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/

url

https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-32464

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-32464

reference_url

https://github.com/advisories/GHSA-prjp-h48f-jgf6

reference_id

GHSA-prjp-h48f-jgf6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-prjp-h48f-jgf6

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-32464, GHSA-prjp-h48f-jgf6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqfj-8y7h-eqgm

url VCID-s5ah-tf63-a7cw

vulnerability_id VCID-s5ah-tf63-a7cw

summary

Improper Input Validation
The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00057.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00086.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2098

reference_id

reference_type

scores

value	0.8743
scoring_system	epss
scoring_elements	0.99461
published_at	2026-04-16T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99452
published_at	2026-04-01T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99451
published_at	2026-04-02T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99453
published_at	2026-04-04T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99454
published_at	2026-04-07T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99456
published_at	2026-04-09T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99457
published_at	2026-04-11T12:55:00Z

value	0.8743
scoring_system	epss
scoring_elements	0.99458
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2098.yml

reference_url	https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ly-IH-fxr_Q

reference_url

https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015318/http://www.securityfocus.com/bid/83725

reference_url

https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210612214217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ly-IH-fxr_Q/WLoOhcMZIAAJ

reference_url

https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20211205173437/https://securitytracker.com/id/1035122

reference_url

https://www.exploit-db.com/exploits/40086

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/40086

reference_url	https://www.exploit-db.com/exploits/40086/
reference_id
reference_type
scores
url	https://www.exploit-db.com/exploits/40086/

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

reference_url	http://www.securityfocus.com/bid/83725
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83725

reference_url	http://www.securitytracker.com/id/1035122
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035122

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310054
reference_id	1310054
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310054

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb
reference_id	CVE-2016-2098
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/remote/40086.rb

100

reference_url

reference_id

CVE-2016-2098

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2098

101

reference_url

https://github.com/advisories/GHSA-78rc-8c29-p45g

reference_id

GHSA-78rc-8c29-p45g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-78rc-8c29-p45g

102

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

103

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

104

reference_url	https://access.redhat.com/errata/RHSA-2016:0456
reference_id	RHSA-2016:0456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0456

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-2098, GHSA-78rc-8c29-p45g

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ah-tf63-a7cw

url VCID-sb9g-rdnm-rqbm

vulnerability_id VCID-sb9g-rdnm-rqbm

summary

SQL Injection in Active Record
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0876.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0876.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3482.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3482

reference_id

reference_type

scores

value	0.01531
scoring_system	epss
scoring_elements	0.81322
published_at	2026-04-12T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81336
published_at	2026-04-11T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81315
published_at	2026-04-13T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81283
published_at	2026-04-04T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81351
published_at	2026-04-16T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81282
published_at	2026-04-07T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81252
published_at	2026-04-01T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.8131
published_at	2026-04-08T12:55:00Z

value	0.01531
scoring_system	epss
scoring_elements	0.81261
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url	http://secunia.com/advisories/59973
reference_id
reference_type
scores
url	http://secunia.com/advisories/59973

reference_url	http://secunia.com/advisories/60214
reference_id
reference_type
scores
url	http://secunia.com/advisories/60214

reference_url	http://secunia.com/advisories/60763
reference_id
reference_type
scores
url	http://secunia.com/advisories/60763

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b

reference_url	https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url	https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url

https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3482

reference_url	http://www.securityfocus.com/bid/68343
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/68343

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1114425
reference_id	1114425
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1114425

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:::::::*

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

141

reference_url

reference_id

CVE-2014-3482

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3482

142

reference_url

https://github.com/advisories/GHSA-mhwp-qhpc-h3jm

reference_id

GHSA-mhwp-qhpc-h3jm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mhwp-qhpc-h3jm

143

reference_url	https://access.redhat.com/errata/RHSA-2014:0876
reference_id	RHSA-2014:0876
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0876

fixed_packages

url	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.4-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-3482, GHSA-mhwp-qhpc-h3jm, OSV-108664

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sb9g-rdnm-rqbm

url VCID-sfyc-jewr-wuf5

vulnerability_id VCID-sfyc-jewr-wuf5

summary

Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.

Impact
------

For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.


Credits
-------
Thanks to [scyoon](https://hackerone.com/scyoon) for reporting

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47887

reference_id

reference_type

scores

value	0.00296
scoring_system	epss
scoring_elements	0.5297
published_at	2026-04-16T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52876
published_at	2026-04-02T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52932
published_at	2026-04-13T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52948
published_at	2026-04-12T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52964
published_at	2026-04-11T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52914
published_at	2026-04-09T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5292
published_at	2026-04-08T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.5287
published_at	2026-04-07T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52901
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47887

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2319034
reference_id	2319034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2319034

reference_url

https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049

reference_id

56b2fc3302836405b496e196a8d5fc0195e55049

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049

reference_url

https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a

reference_id

7c1398854d51f9bb193fb79f226647351133d08a

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a

reference_url

https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545

reference_id

8e057db25bff1dc7a98e9ae72e0083825b9ac545

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-47887
reference_id	CVE-2024-47887
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-47887

reference_url

https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2

reference_id

f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/

url

https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2

reference_url

https://github.com/advisories/GHSA-vfg9-r3fq-jvx4

reference_id

GHSA-vfg9-r3fq-jvx4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vfg9-r3fq-jvx4

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-47887, GHSA-vfg9-r3fq-jvx4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyc-jewr-wuf5

url VCID-sgdb-985e-4uej

vulnerability_id VCID-sgdb-985e-4uej

summary

Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.

Impact
------

Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.


Credits
-------

Thanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json

reference_url

https://access.redhat.com/security/cve/cve-2024-41128

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://access.redhat.com/security/cve/cve-2024-41128

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-41128

reference_id

reference_type

scores

value	0.00605
scoring_system	epss
scoring_elements	0.69624
published_at	2026-04-09T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69608
published_at	2026-04-08T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69557
published_at	2026-04-07T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69562
published_at	2026-04-02T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69578
published_at	2026-04-04T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69657
published_at	2026-04-16T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69618
published_at	2026-04-13T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69632
published_at	2026-04-12T12:55:00Z

value	0.00605
scoring_system	epss
scoring_elements	0.69647
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-41128

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2319036

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2319036

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075

reference_url

https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef

reference_url

https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891

reference_url

https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd

reference_url

https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/

url

https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-41128

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-41128

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url

https://github.com/advisories/GHSA-x76w-6vjr-8xgj

reference_id

GHSA-x76w-6vjr-8xgj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x76w-6vjr-8xgj

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-41128, GHSA-x76w-6vjr-8xgj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdb-985e-4uej

url VCID-sygb-mygd-s3gb

vulnerability_id VCID-sygb-mygd-s3gb

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_id

reference_type

scores

value	0.02421
scoring_system	epss
scoring_elements	0.8515
published_at	2026-04-16T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.85129
published_at	2026-04-13T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.85132
published_at	2026-04-12T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.85134
published_at	2026-04-11T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.8512
published_at	2026-04-09T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.85113
published_at	2026-04-08T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.85091
published_at	2026-04-07T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.8507
published_at	2026-04-02T12:55:00Z

value	0.02421
scoring_system	epss
scoring_elements	0.85087
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-44566

reference_url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566

reference_url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/

url

https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf

reference_url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid

reference_url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id	2164789
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164789

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_id

CVE-2022-44566

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-44566

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_id

CVE-2022-44566.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml

reference_url

https://github.com/advisories/GHSA-579w-22j4-4749

reference_id

GHSA-579w-22j4-4749

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-579w-22j4-4749

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sygb-mygd-s3gb

url VCID-sz4r-kjse-cbdd

vulnerability_id VCID-sz4r-kjse-cbdd

summary

Remote attacker can conduct SQL injection attacks
Ruby on Rails contains a flaw in the Authlogic gem. The issue is triggered when the program makes an unsafe method call for find_by_id. With a specially crafted parameter in an environment that knows the secret_token value in secret_token.rb, a remote attacker to more easily conduct SQL injection attacks.

references

reference_url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts

reference_url	http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/
reference_id
reference_type
scores
url	http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/

reference_url

http://openwall.com/lists/oss-security/2013/01/03/12

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2013/01/03/12

reference_url	http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html
reference_id
reference_type
scores
url	http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-6497

reference_id

reference_type

scores

value	0.00397
scoring_system	epss
scoring_elements	0.60606
published_at	2026-04-16T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60519
published_at	2026-04-02T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60546
published_at	2026-04-04T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60515
published_at	2026-04-07T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60563
published_at	2026-04-08T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.6058
published_at	2026-04-09T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60601
published_at	2026-04-11T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60586
published_at	2026-04-12T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60565
published_at	2026-04-13T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.60444
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-6497

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6497

reference_url

https://github.com/binarylogic/authlogic

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/binarylogic/authlogic

reference_url

https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873

reference_url	https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee
reference_id
reference_type
scores
url	https://github.com/binarylogic/authlogic/commit/1d57a6c4abe43a3c0b4ef578486ea00e1f7a9873#diff-724a09c582d42a66c65c0bdaadcb21ee

reference_url

https://github.com/binarylogic/authlogic/pull/341

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/binarylogic/authlogic/pull/341

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/authlogic/OSVDB-89064.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-6497

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-6497

reference_url

https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130104161608/http://www.securityfocus.com/bid/57084

reference_url

https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130116043311/http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html

reference_url	http://www.securityfocus.com/bid/57084
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/57084

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url

https://github.com/advisories/GHSA-rx7j-mw4c-76g9

reference_id

GHSA-rx7j-mw4c-76g9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rx7j-mw4c-76g9

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-6497, GHSA-rx7j-mw4c-76g9, OSV-89064

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz4r-kjse-cbdd

url VCID-t2cx-7ycd-tqhq

vulnerability_id VCID-t2cx-7ycd-tqhq

summary

activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

references

reference_url

http://openwall.com/lists/oss-security/2015/06/16/17

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/06/16/17

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3226.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3226

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43761
published_at	2026-04-16T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.4366
published_at	2026-04-01T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43716
published_at	2026-04-12T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43741
published_at	2026-04-04T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43674
published_at	2026-04-07T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43725
published_at	2026-04-08T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43728
published_at	2026-04-09T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43748
published_at	2026-04-11T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43699
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/7VlB_pck3hU

reference_url

https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ

reference_url

https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231

reference_url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200517005133/http://www.securitytracker.com/id/1033755

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1232310
reference_id	1232310
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1232310

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486
reference_id	790486
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486

reference_url

reference_id

CVE-2015-3226

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3226

reference_url

https://github.com/advisories/GHSA-vxvp-4xwc-jpp6

reference_id

GHSA-vxvp-4xwc-jpp6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vxvp-4xwc-jpp6

fixed_packages

url	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.4-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-3226, GHSA-vxvp-4xwc-jpp6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2cx-7ycd-tqhq

url VCID-t684-yp58-hkg8

vulnerability_id VCID-t684-yp58-hkg8

summary

ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when
untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result
from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:

```
data = cache.fetch("demo", raw: true) { untrusted_string }
```
Versions Affected:  rails < 5.2.5, rails < 6.0.4
Not affected:       Applications not using MemCacheStore or RedisCacheStore. Applications that do not use the `raw` option when storing untrusted user input.
Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1
  
Impact
------
Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,
this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.
In addition to upgrading to the latest versions of Rails, developers should ensure that whenever
they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both
reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,
detect if data was serialized using the raw option upon deserialization.

Workarounds
-----------
It is recommended that application developers apply the suggested patch or upgrade to the latest release as
soon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using
the `raw` argument should be double-checked to ensure that they conform to the expected format.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8165.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8165

reference_id

reference_type

scores

value	0.90128
scoring_system	epss
scoring_elements	0.99588
published_at	2026-04-13T12:55:00Z

value	0.90128
scoring_system	epss
scoring_elements	0.99589
published_at	2026-04-16T12:55:00Z

value	0.90128
scoring_system	epss
scoring_elements	0.99584
published_at	2026-04-01T12:55:00Z

value	0.90128
scoring_system	epss
scoring_elements	0.99585
published_at	2026-04-02T12:55:00Z

value	0.90128
scoring_system	epss
scoring_elements	0.99586
published_at	2026-04-04T12:55:00Z

value	0.90128
scoring_system	epss
scoring_elements	0.99587
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15169

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8162

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8164

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8167

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2020-8165.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c

reference_url

https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c

reference_url

https://hackerone.com/reports/413388

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/413388

reference_url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8165

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8165

reference_url

https://security.netapp.com/advisory/ntap-20250509-0002

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250509-0002

reference_url

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released

reference_url

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2p68-f74v-9wc6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1843072
reference_id	1843072
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1843072

reference_url

reference_id

GHSA-2p68-f74v-9wc6

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2p68-f74v-9wc6

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8165, GHSA-2p68-f74v-9wc6

risk_score 10.0

exploitability 2.0

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t684-yp58-hkg8

100

url VCID-t9yh-ss8z-e3cb

vulnerability_id VCID-t9yh-ss8z-e3cb

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_id

reference_type

scores

value	0.06659
scoring_system	epss
scoring_elements	0.9124
published_at	2026-04-16T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91216
published_at	2026-04-13T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91213
published_at	2026-04-11T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91206
published_at	2026-04-09T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91179
published_at	2026-04-04T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91186
published_at	2026-04-07T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.9117
published_at	2026-04-02T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.912
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml

reference_url

https://security.netapp.com/advisory/ntap-20240202-0008

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0008

reference_url	https://security.netapp.com/advisory/ntap-20240202-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240202-0008/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164785
reference_id	2164785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164785

reference_url

reference_id

CVE-2023-22794

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_url

https://github.com/advisories/GHSA-hq7p-j377-6v63

reference_id

GHSA-hq7p-j377-6v63

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hq7p-j377-6v63

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22794, GHSA-hq7p-j377-6v63, GMS-2023-60

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9yh-ss8z-e3cb

101

url VCID-thx6-usb2-kkgc

vulnerability_id VCID-thx6-usb2-kkgc

summary

Nested attributes rejection proc bypass
When using the nested attributes feature in Active Record you can prevent the destruction of associated records by passing the `allow_destroy: false` option to the `accepts_nested_attributes_for` method. The `allow_destroy` flag prevents the `:reject_if` proc from being called because it assumes that the record will be destroyed anyway. However, this is not true if `:allow_destroy` is false so this leads to changes that would have been rejected being applied to the record. Attackers could set attributes to invalid values or clear all the attributes.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7577.json

reference_url

reference_id

reference_type

scores

value	0.01209
scoring_system	epss
scoring_elements	0.79007
published_at	2026-04-16T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78933
published_at	2026-04-01T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78939
published_at	2026-04-02T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78967
published_at	2026-04-04T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78951
published_at	2026-04-07T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78975
published_at	2026-04-08T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78981
published_at	2026-04-09T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.79005
published_at	2026-04-11T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.7899
published_at	2026-04-12T12:55:00Z

value	0.01209
scoring_system	epss
scoring_elements	0.78979
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2015-7577.yml

reference_url	https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/message/raw?msg=ruby-security-ann/cawsWcQ6c8g/LATIsglZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/cawsWcQ6c8g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7577

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/25/10

reference_url	http://www.securityfocus.com/bid/81806
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/81806

reference_url	http://www.securitytracker.com/id/1034816
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957
reference_id	1301957
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301957

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.4:rc1::::::

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:::::::*

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc1::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.5:rc2::::::

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2::::::

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:::::::*

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:::::::*

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:::::::*

112

reference_url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

reference_id

GHSA-xrr6-3pc4-m447

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xrr6-3pc4-m447

113

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

114

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

115

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2015-7577, GHSA-xrr6-3pc4-m447

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thx6-usb2-kkgc

102

url VCID-up42-s1t8-eqa1

vulnerability_id VCID-up42-s1t8-eqa1

summary

Information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8151

reference_id

reference_type

scores

value	0.00286
scoring_system	epss
scoring_elements	0.52081
published_at	2026-04-04T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52157
published_at	2026-04-16T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52116
published_at	2026-04-13T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52131
published_at	2026-04-12T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52148
published_at	2026-04-11T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52096
published_at	2026-04-09T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.521
published_at	2026-04-08T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52006
published_at	2026-04-01T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52054
published_at	2026-04-02T12:55:00Z

value	0.00286
scoring_system	epss
scoring_elements	0.52046
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8151

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/activeresource

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/activeresource

reference_url

https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e

reference_url

https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8151

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8151

reference_url

https://github.com/advisories/GHSA-46j2-xjgp-jrfm

reference_id

GHSA-46j2-xjgp-jrfm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-46j2-xjgp-jrfm

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-8151, GHSA-46j2-xjgp-jrfm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-up42-s1t8-eqa1

103

url VCID-uudj-r63z-kban

vulnerability_id VCID-uudj-r63z-kban

summary

XML Parsing Vulnerability affecting JRuby users
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1856

reference_id

reference_type

scores

value	0.00707
scoring_system	epss
scoring_elements	0.72196
published_at	2026-04-16T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.7211
published_at	2026-04-01T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72116
published_at	2026-04-02T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72136
published_at	2026-04-04T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72114
published_at	2026-04-07T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.7215
published_at	2026-04-08T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72162
published_at	2026-04-09T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72184
published_at	2026-04-11T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72169
published_at	2026-04-12T12:55:00Z

value	0.00707
scoring_system	epss
scoring_elements	0.72155
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1856

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI

reference_url

https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1856

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1856

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
reference_id
reference_type
scores
url	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856

reference_url	http://www.openwall.com/lists/oss-security/2013/03/18/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2013/03/18/4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*

reference_url

https://github.com/advisories/GHSA-9c2j-593q-3g82

reference_id

GHSA-9c2j-593q-3g82

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9c2j-593q-3g82

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1856, GHSA-9c2j-593q-3g82, OSV-91451

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uudj-r63z-kban

104

url VCID-v3r3-bwp5-a3bn

vulnerability_id VCID-v3r3-bwp5-a3bn

summary

Path Traversal
The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178044.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178069.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0752

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0752.json

reference_url

reference_id

reference_type

scores

value	0.91051
scoring_system	epss
scoring_elements	0.99639
published_at	2026-04-07T12:55:00Z

value	0.91051
scoring_system	epss
scoring_elements	0.99637
published_at	2026-04-02T12:55:00Z

value	0.91051
scoring_system	epss
scoring_elements	0.9964
published_at	2026-04-13T12:55:00Z

value	0.91051
scoring_system	epss
scoring_elements	0.99641
published_at	2026-04-16T12:55:00Z

value	0.91051
scoring_system	epss
scoring_elements	0.99638
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7581

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0751

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0752

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/335P1DcLG00

reference_url

https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210618005620/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/335P1DcLG00/JXcBnTtZEgAJ

reference_url

https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210621170450/http://www.securityfocus.com/bid/81801

reference_url

https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210723192420/http://www.securitytracker.com/id/1034816

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0752

reference_url

https://www.exploit-db.com/exploits/40561

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/exploits/40561

reference_url

https://www.exploit-db.com/exploits/40561/

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

https://www.exploit-db.com/exploits/40561/

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.openwall.com/lists/oss-security/2016/01/25/13

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.openwall.com/lists/oss-security/2016/01/25/13

reference_url

http://www.securityfocus.com/bid/81801

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.securityfocus.com/bid/81801

reference_url

http://www.securitytracker.com/id/1034816

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:26:36Z/

url

http://www.securitytracker.com/id/1034816

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1301963
reference_id	1301963
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1301963

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_id	cpe:2.3:a:redhat:software_collections:1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::
reference_id	cpe:2.3:a:rubyonrails:rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:5.0.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:::::::*
reference_id	cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_module_for_containers:12:::::::*

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb
reference_id	CVE-2016-0752
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/40561.rb

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0752

reference_id

CVE-2016-0752

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0752

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml

reference_id

CVE-2016-0752.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-0752.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml

reference_id

CVE-2016-0752.YML

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-0752.yml

reference_url

https://github.com/advisories/GHSA-xrr4-p6fq-hjg7

reference_id

GHSA-xrr4-p6fq-hjg7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xrr4-p6fq-hjg7

reference_url	https://access.redhat.com/errata/RHSA-2016:0296
reference_id	RHSA-2016:0296
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0296

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.1-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-0752, GHSA-xrr4-p6fq-hjg7

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v3r3-bwp5-a3bn

105

url VCID-v9mt-t1pb-hybk

vulnerability_id VCID-v9mt-t1pb-hybk

summary

Cross site scripting vulnerability in ActionView
There is a possible cross site scripting (XSS) vulnerability in ActionView's JavaScript literal escape helpers.  Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks.

### Impact

There is a possible XSS vulnerability in the `j` and `escape_javascript` methods in ActionView.  These methods are used for escaping JavaScript string literals.  Impacted code will look something like this:

```erb
<script>let a = `<%= j unknown_input %>`</script>
```

or

```erb
<script>let a = `<%= escape_javascript unknown_input %>`</script>
```

### Releases

The 6.0.2.2 and 5.2.4.2 releases are available at the normal locations.

### Workarounds

For those that can't upgrade, the following monkey patch may be used:

```ruby
ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
  {
    "`" => "\\`",
    "$" => "\\$"
  }
)

module ActionView::Helpers::JavaScriptHelper
  alias :old_ej :escape_javascript
  alias :old_j :j

  def escape_javascript(javascript)
    javascript = javascript.to_s
    if javascript.empty?
      result = ""
    else
      result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
    end
    javascript.html_safe? ? result.html_safe : result
  end

  alias :j :escape_javascript
end
```

### Patches

To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* [5-2-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-5-2-js-helper-xss-patch) - Patch for 5.2 series
* [6-0-js-helper-xss.patch](https://gist.github.com/tenderlove/c042ff49f0347c37e99183a6502accc6#file-6-0-js-helper-xss-patch) - Patch for 6.0 series

Please note that only the 5.2 and 6.0 series are supported at present. Users
of earlier unsupported releases are advised to upgrade as soon as possible as we
cannot guarantee the continued availability of security fixes for unsupported
releases.

### Credits

Thanks to Jesse Campos from Chef Secure

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5267.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-5267

reference_id

reference_type

scores

value	0.00887
scoring_system	epss
scoring_elements	0.75441
published_at	2026-04-04T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75504
published_at	2026-04-16T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75461
published_at	2026-04-13T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75472
published_at	2026-04-12T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75493
published_at	2026-04-11T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75406
published_at	2026-04-01T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75474
published_at	2026-04-09T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75465
published_at	2026-04-08T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75409
published_at	2026-04-02T12:55:00Z

value	0.00887
scoring_system	epss
scoring_elements	0.75422
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-5267

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5267

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a

reference_url

https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-5267.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/55reWMM_Pg8

reference_url

https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-5267

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-5267

reference_url

http://www.openwall.com/lists/oss-security/2020/03/19/1

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/03/19/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1831528
reference_id	1831528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1831528

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304
reference_id	954304
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954304

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:actionview::::::::
reference_id	cpe:2.3:a:rubyonrails:actionview::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:actionview::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url

https://github.com/advisories/GHSA-65cv-r6x7-79hv

reference_id

GHSA-65cv-r6x7-79hv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-65cv-r6x7-79hv

reference_url	https://access.redhat.com/errata/RHSA-2020:4366
reference_id	RHSA-2020:4366
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4366

fixed_packages

url	pkg:deb/debian/rails@2:5.2.4.1%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:5.2.4.1%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.4.1%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2020-5267, GHSA-65cv-r6x7-79hv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9mt-t1pb-hybk

106

url VCID-va9q-fjn6-yqee

vulnerability_id VCID-va9q-fjn6-yqee

summary

Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59347
published_at	2026-04-16T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59266
published_at	2026-04-07T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59316
published_at	2026-04-08T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59329
published_at	2026-04-09T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59348
published_at	2026-04-11T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59332
published_at	2026-04-12T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59314
published_at	2026-04-13T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59204
published_at	2026-04-01T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59278
published_at	2026-04-02T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59302
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098

reference_url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

reference_id

GHSA-qv8p-v9qw-wc7g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-1098, GHSA-qv8p-v9qw-wc7g, OSV-79726

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va9q-fjn6-yqee

107

url VCID-vgm2-8wjy-x7ed

vulnerability_id VCID-vgm2-8wjy-x7ed

summary

Improper Input Validation
Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

references

reference_url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_url	http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url	http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-7248.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-7248

reference_id

reference_type

scores

value	0.11409
scoring_system	epss
scoring_elements	0.9359
published_at	2026-04-16T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93535
published_at	2026-04-01T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93544
published_at	2026-04-02T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93552
published_at	2026-04-04T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93553
published_at	2026-04-07T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93561
published_at	2026-04-08T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93564
published_at	2026-04-09T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.9357
published_at	2026-04-12T12:55:00Z

value	0.11409
scoring_system	epss
scoring_elements	0.93571
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-7248

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=544329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=544329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7248

reference_url	http://secunia.com/advisories/36600
reference_id
reference_type
scores
url	http://secunia.com/advisories/36600

reference_url	http://secunia.com/advisories/38915
reference_id
reference_type
scores
url	http://secunia.com/advisories/38915

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/099a98e9b7108dae3e0f78b207e0a7dc5913bd1a

reference_url

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en

reference_url

https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

reference_url

https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup

reference_url	https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
reference_id
reference_type
scores
url	https://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/

reference_url

https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20090906010200/https://www.vupen.com/english/advisories/2009/2544

reference_url

https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_url

https://www.openwall.com/lists/oss-security/2009/11/28/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2009/11/28/1

reference_url

https://www.openwall.com/lists/oss-security/2009/12/02/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2009/12/02/2

reference_url

https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html

reference_url

http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1

reference_url

http://www.openwall.com/lists/oss-security/2009/11/28/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/11/28/1

reference_url

http://www.openwall.com/lists/oss-security/2009/12/02/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2009/12/02/2

reference_url	http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
reference_id
reference_type
scores
url	http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html

reference_url	http://www.vupen.com/english/advisories/2009/2544
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2009/2544

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685
reference_id	558685
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=558685

reference_url

https://access.redhat.com/security/cve/CVE-2008-7248

reference_id

CVE-2008-7248

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2008-7248

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-7248

reference_id

CVE-2008-7248

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-7248

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt
reference_id	CVE-2008-7248;OSVDB-61124
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33402.txt

reference_url	https://www.securityfocus.com/bid/37322/info
reference_id	CVE-2008-7248;OSVDB-61124
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/37322/info

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml

reference_id

CVE-2008-7248.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml

reference_url

https://github.com/advisories/GHSA-8fqx-7pv4-3jwm

reference_id

GHSA-8fqx-7pv4-3jwm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8fqx-7pv4-3jwm

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@2.2.3-1?distro=trixie
purl	pkg:deb/debian/rails@2.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.2.3-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-7248, GHSA-8fqx-7pv4-3jwm

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgm2-8wjy-x7ed

108

url VCID-wg3a-j2dp-ayh4

vulnerability_id VCID-wg3a-j2dp-ayh4

summary

Possible DoS Vulnerability in Action Controller Token Authentication
There is a possible DoS vulnerability in the Token Authentication logic in Action Controller.

Versions Affected:  >= 4.0.0
Not affected:       < 4.0.0
Fixed Versions:     6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6

Impact
------
Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.  Impacted code will look something like this:

```
class PostsController < ApplicationController
  before_action :authenticate

  private

  def authenticate
    authenticate_or_request_with_http_token do |token, options|
      # ...
    end
  end
end
```

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
The following monkey patch placed in an initializer can be used to work around the issue:

```ruby
module ActionController::HttpAuthentication::Token
  AUTHN_PAIR_DELIMITERS = /(?:,|;|\t)/
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 5-2-http-authentication-dos.patch - Patch for 5.2 series
* 6-0-http-authentication-dos.patch - Patch for 6.0 series
* 6-1-http-authentication-dos.patch - Patch for 6.1 series

Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------
Thank you to https://hackerone.com/wonda_tea_coffee for reporting this issue!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22904.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22904

reference_id

reference_type

scores

value	0.07856
scoring_system	epss
scoring_elements	0.92022
published_at	2026-04-16T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92007
published_at	2026-04-12T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92004
published_at	2026-04-13T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.92
published_at	2026-04-08T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91987
published_at	2026-04-07T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91981
published_at	2026-04-04T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91966
published_at	2026-04-01T12:55:00Z

value	0.07856
scoring_system	epss
scoring_elements	0.91974
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22904

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22885

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22904

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22904-possible-dos-vulnerability-in-action-controller-token-authentication/77869

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v5.2.4.6

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v5.2.4.6

reference_url

https://github.com/rails/rails/releases/tag/v5.2.6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v5.2.6

reference_url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22904.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/Pf1TjkOBdyQ

reference_url

https://hackerone.com/reports/1101125

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1101125

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22904

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22904

reference_url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210805-0009

reference_url	https://security.netapp.com/advisory/ntap-20210805-0009/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210805-0009/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1961379
reference_id	1961379
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1961379

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id	988214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214

reference_url

reference_id

AVG-1920

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-1921

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2090

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2223

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-7wjx-3g7j-8584

reference_url

reference_id

GHSA-7wjx-3g7j-8584

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7wjx-3g7j-8584

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22904, GHSA-7wjx-3g7j-8584

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wg3a-j2dp-ayh4

109

url VCID-wgr4-rzk2-4yet

vulnerability_id VCID-wgr4-rzk2-4yet

summary Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://docs.info.apple.com/article.html?artnum=307179

reference_url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-5380

reference_id

reference_type

scores

value	0.05845
scoring_system	epss
scoring_elements	0.90508
published_at	2026-04-02T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90563
published_at	2026-04-16T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90545
published_at	2026-04-13T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90504
published_at	2026-04-01T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90551
published_at	2026-04-12T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90552
published_at	2026-04-11T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90543
published_at	2026-04-09T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90537
published_at	2026-04-08T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90524
published_at	2026-04-07T12:55:00Z

value	0.05845
scoring_system	epss
scoring_elements	0.90518
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-5380

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5380

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27965

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27965

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

http://www.novell.com/linux/security/advisories/2007_25_sr.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2007_25_sr.html

reference_url

http://www.securityfocus.com/bid/26096

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/26096

reference_url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5380

reference_url

reference_id

CVE-2007-5380

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-5380

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml

reference_id

CVE-2007-5380.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-5380.yml

reference_url

https://github.com/advisories/GHSA-jwhv-rgqc-fqj5

reference_id

GHSA-jwhv-rgqc-fqj5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-jwhv-rgqc-fqj5

reference_url	https://security.gentoo.org/glsa/200711-17
reference_id	GLSA-200711-17
reference_type
scores
url	https://security.gentoo.org/glsa/200711-17

reference_url	https://security.gentoo.org/glsa/200912-02
reference_id	GLSA-200912-02
reference_type
scores
url	https://security.gentoo.org/glsa/200912-02

fixed_packages

url	pkg:deb/debian/rails@1.2.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-5380, GHSA-jwhv-rgqc-fqj5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgr4-rzk2-4yet

110

url VCID-wyqh-g8df-hkay

vulnerability_id VCID-wyqh-g8df-hkay

summary

rails is vulnerable to CRLF injection
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/rails/rails/commit/7282ed863ca7e6f928bae9162c9a63a98775a19d

reference_url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5189.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-5189

reference_id

reference_type

scores

value	0.00169
scoring_system	epss
scoring_elements	0.38214
published_at	2026-04-11T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38187
published_at	2026-04-08T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38195
published_at	2026-04-09T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38201
published_at	2026-04-16T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38154
published_at	2026-04-13T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38065
published_at	2026-04-01T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38178
published_at	2026-04-12T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38245
published_at	2026-04-02T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38268
published_at	2026-04-04T12:55:00Z

value	0.00169
scoring_system	epss
scoring_elements	0.38137
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-5189

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5189

reference_url

http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2008/10/19/rails-2-0-5-redirect_to-and-offset-limit-sanitizing

reference_url

http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2008/10/19/response-splitting-risk

reference_url	http://www.securityfocus.com/bid/32359
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/32359

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=472510
reference_id	472510
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=472510

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-5189

reference_id

CVE-2008-5189

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2008-5189

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml

reference_id

CVE-2008-5189.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2008-5189.yml

reference_url

https://github.com/advisories/GHSA-jmgf-p46x-982h

reference_id

GHSA-jmgf-p46x-982h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmgf-p46x-982h

fixed_packages

url	pkg:deb/debian/rails@2.1.0-6?distro=trixie
purl	pkg:deb/debian/rails@2.1.0-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-6%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2008-5189, GHSA-jmgf-p46x-982h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyqh-g8df-hkay

111

url VCID-wyy6-h8bq-vyde

vulnerability_id VCID-wyy6-h8bq-vyde

summary

Denial of Service in Action Dispatch
Impact
------
There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
The following monkey patch placed in an initializer can be used to work around the issue.

```ruby
module Mime
  class Type
    MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?>\s*#{MIME_PARAMETER}\s*)*)\z/
  end
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 6-0-Prevent-catastrophic-backtracking-during-mime-parsin.patch - Patch for 6.0 series
* 6-1-Prevent-catastrophic-backtracking-during-mime-parsin.patch - Patch for 6.1 series

Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------

Thanks to Security Curious <security...@pm.me> for reporting this!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22902.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22902

reference_id

reference_type

scores

value	0.01063
scoring_system	epss
scoring_elements	0.77701
published_at	2026-04-16T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77664
published_at	2026-04-13T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77665
published_at	2026-04-12T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77681
published_at	2026-04-11T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77655
published_at	2026-04-09T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77649
published_at	2026-04-08T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77605
published_at	2026-04-01T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77621
published_at	2026-04-07T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77639
published_at	2026-04-04T12:55:00Z

value	0.01063
scoring_system	epss
scoring_elements	0.77612
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22902

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22902

reference_url

https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2021-22902-possible-denial-of-service-vulnerability-in-action-dispatch/77866

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.0.3.7

reference_url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.3.2

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22902.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/_5ID_ld9u1c

reference_url

https://hackerone.com/reports/1138654

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://hackerone.com/reports/1138654

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22902

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22902

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1961382
reference_id	1961382
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1961382

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214
reference_id	988214
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988214

reference_url

reference_id

AVG-2090

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2223

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://github.com/advisories/GHSA-g8ww-46x2-2p65

reference_url

reference_id

GHSA-g8ww-46x2-2p65

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g8ww-46x2-2p65

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22902, GHSA-g8ww-46x2-2p65

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyy6-h8bq-vyde

112

url VCID-xa94-z6yu-skf8

vulnerability_id VCID-xa94-z6yu-skf8

summary

Symbol DoS vulnerability in Active Record
When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately.

references

reference_url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html

reference_url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00070.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00071.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00075.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00079.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0699.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0699

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0699

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1854.json

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1854

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_id

reference_type

scores

value	0.01795
scoring_system	epss
scoring_elements	0.82726
published_at	2026-04-04T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.828
published_at	2026-04-16T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82761
published_at	2026-04-13T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82766
published_at	2026-04-12T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82771
published_at	2026-04-11T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82723
published_at	2026-04-07T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82755
published_at	2026-04-09T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82697
published_at	2026-04-01T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82748
published_at	2026-04-08T12:55:00Z

value	0.01795
scoring_system	epss
scoring_elements	0.82713
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1854

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=921329

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1854

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-1854.yml

reference_url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE
reference_id
reference_type
scores
url	https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/jgJ4cjjS8FE

reference_url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/group/ruby-security-ann/msg/34e0d780b04308de?dmode=source&output=gplain

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_id

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1854

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released

reference_url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url

https://github.com/advisories/GHSA-3crr-9vmg-864v

reference_id

GHSA-3crr-9vmg-864v

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3crr-9vmg-864v

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14.1?distro=trixie
purl	pkg:deb/debian/rails@2.3.14.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14.1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2013-1854, GHSA-3crr-9vmg-864v, OSV-91453

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xa94-z6yu-skf8

113

url VCID-xqzj-cww4-nbcy

vulnerability_id VCID-xqzj-cww4-nbcy

summary

Moderate severity vulnerability that affects rails
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/ticket/8371

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://dev.rubyonrails.org/ticket/8371

reference_url

http://osvdb.org/36378

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://osvdb.org/36378

reference_url

http://pastie.caboo.se/65550.txt

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://pastie.caboo.se/65550.txt

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2007-3227

reference_id

reference_type

scores

value	0.13632
scoring_system	epss
scoring_elements	0.94215
published_at	2026-04-02T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94261
published_at	2026-04-16T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94247
published_at	2026-04-13T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94246
published_at	2026-04-12T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94242
published_at	2026-04-09T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94238
published_at	2026-04-08T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94229
published_at	2026-04-07T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94227
published_at	2026-04-04T12:55:00Z

value	0.13632
scoring_system	epss
scoring_elements	0.94205
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2007-3227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227

reference_url

http://secunia.com/advisories/25699

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/25699

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27756

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/27756

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/12/rails-1-2-5-maintenance-release

reference_url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2007/10/5/rails-1-2-4-maintenance-release

reference_url

http://www.novell.com/linux/security/advisories/2007_24_sr.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.novell.com/linux/security/advisories/2007_24_sr.html

reference_url

http://www.securityfocus.com/bid/24161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/24161

reference_url

http://www.vupen.com/english/advisories/2007/2216

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vupen.com/english/advisories/2007/2216

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177
reference_id	429177
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429177

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2007-3227

reference_id

CVE-2007-3227

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2007-3227

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt
reference_id	CVE-2007-3227;OSVDB-36378
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/30089.txt

reference_url	https://www.securityfocus.com/bid/24161/info
reference_id	CVE-2007-3227;OSVDB-36378
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/24161/info

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml

reference_id

CVE-2007-3227.YML

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rails/CVE-2007-3227.yml

reference_url

https://github.com/advisories/GHSA-gm25-fpmr-43fj

reference_id

GHSA-gm25-fpmr-43fj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gm25-fpmr-43fj

reference_url	https://security.gentoo.org/glsa/200711-17
reference_id	GLSA-200711-17
reference_type
scores
url	https://security.gentoo.org/glsa/200711-17

fixed_packages

url	pkg:deb/debian/rails@1.2.5-1?distro=trixie
purl	pkg:deb/debian/rails@1.2.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.2.5-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2007-3227, GHSA-gm25-fpmr-43fj, OSV-36378

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xqzj-cww4-nbcy

114

url VCID-xxbb-7e3n-9yb3

vulnerability_id VCID-xxbb-7e3n-9yb3

summary

Cross site scripting in actionpack Rubygem
A cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-1497

reference_id

reference_type

scores

value	0.00328
scoring_system	epss
scoring_elements	0.5576
published_at	2026-04-16T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55722
published_at	2026-04-13T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5574
published_at	2026-04-12T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55759
published_at	2026-04-11T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.5575
published_at	2026-04-09T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55696
published_at	2026-04-07T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55584
published_at	2026-04-01T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55747
published_at	2026-04-08T12:55:00Z

value	0.00328
scoring_system	epss
scoring_elements	0.55718
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-1497

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG

reference_url

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG

reference_url

https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d

reference_url

https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6

reference_url

https://www.openwall.com/lists/oss-security/2011/04/06/13

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2011/04/06/13

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2015262
reference_id	2015262
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2015262

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-1497

reference_id

CVE-2011-1497

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-1497

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml

reference_id

CVE-2011-1497.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml

reference_url

https://github.com/advisories/GHSA-q58j-fmvf-9rq6

reference_id

GHSA-q58j-fmvf-9rq6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q58j-fmvf-9rq6

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-1497, GHSA-q58j-fmvf-9rq6

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxbb-7e3n-9yb3

115

url VCID-y54w-a8kr-suhy

vulnerability_id VCID-y54w-a8kr-suhy

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_id

reference_type

scores

value	0.00689
scoring_system	epss
scoring_elements	0.71795
published_at	2026-04-16T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71712
published_at	2026-04-07T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71719
published_at	2026-04-02T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71738
published_at	2026-04-04T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.7175
published_at	2026-04-08T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71762
published_at	2026-04-09T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71786
published_at	2026-04-11T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.7177
published_at	2026-04-12T12:55:00Z

value	0.00689
scoring_system	epss
scoring_elements	0.71752
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-0448

reference_url	http://secunia.com/advisories/43278
reference_id
reference_type
scores
url	http://secunia.com/advisories/43278

reference_url	http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url	http://securitytracker.com/id?1025063

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml

reference_url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063

reference_url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

reference_url	http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2011/0877

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_id

CVE-2011-0448

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-0448

reference_url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_id

GHSA-jmm9-2p29-vh2w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jmm9-2p29-vh2w

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@0?distro=trixie
purl	pkg:deb/debian/rails@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y54w-a8kr-suhy

116

url VCID-yy6t-ybeu-qycc

vulnerability_id VCID-yy6t-ybeu-qycc

summary

Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.

Impact
------

Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users can avoid calling the `block_format` helper or upgrade to Ruby 3.2

Credits
-------

Thanks to yuki_osaki for the report!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47889

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.57094
published_at	2026-04-16T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57066
published_at	2026-04-13T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5709
published_at	2026-04-12T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57111
published_at	2026-04-11T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57099
published_at	2026-04-09T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57097
published_at	2026-04-08T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57047
published_at	2026-04-02T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57046
published_at	2026-04-07T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57069
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47889

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml

reference_url

https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94

reference_id

0e5694f4d32544532d2301a9b4084eacb6986e94

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id	1085376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2319033
reference_id	2319033
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2319033

reference_url

https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3

reference_id

3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3

reference_url

https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9

reference_id

985f1923fa62806ff676e41de67c3b4552131ab9

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9

reference_url

https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e

reference_id

be898cc996986decfe238341d96b2a6573b8fd2e

reference_type

scores

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/

url

https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2024-47889
reference_id	CVE-2024-47889
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2024-47889

reference_url

https://github.com/advisories/GHSA-h47h-mwp9-c6q6

reference_id

GHSA-h47h-mwp9-c6q6

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h47h-mwp9-c6q6

reference_url	https://usn.ubuntu.com/7290-1/
reference_id	USN-7290-1
reference_type
scores
url	https://usn.ubuntu.com/7290-1/

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2024-47889, GHSA-h47h-mwp9-c6q6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy6t-ybeu-qycc

117

url VCID-yzpx-3gam-y3bu

vulnerability_id VCID-yzpx-3gam-y3bu

summary

Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default.

The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters.

This has been assigned the CVE identifier CVE-2025-24293.

Versions Affected: >= 5.2.0
Not affected: < 5.2.0
Fixed Versions: 7.1.5.2, 7.2.2.2, 8.0.2.1

Impact
------
This vulnerability impacts applications that use Active Storage with the image_processing processing gem in addition to mini_magick as the image processor.

Vulnerable code will look something similar to this:

```
<%= image_tag blob.variant(params[:t] => params[:v]) %>
```

Where the transformation method or its arguments are untrusted arbitrary input.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Consuming user supplied input for image transformation methods or their parameters is unsupported behavior and should be considered dangerous.

Strict validation of user supplied methods and parameters should be performed as well as having a strong [ImageMagick security policy](https://imagemagick.org/script/security-policy.php) deployed.

Credits
-------

Thank you [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this!

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24293.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24293

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.42056
published_at	2026-04-07T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42119
published_at	2026-04-04T12:55:00Z

value	0.002
scoring_system	epss
scoring_elements	0.42091
published_at	2026-04-02T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43312
published_at	2026-04-08T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43361
published_at	2026-04-16T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43301
published_at	2026-04-13T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43316
published_at	2026-04-12T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43347
published_at	2026-04-11T12:55:00Z

value	0.00209
scoring_system	epss
scoring_elements	0.43327
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24293

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24293

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-r4mg-4433-c7g3

reference_id

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-02T14:45:32Z/

url

https://github.com/advisories/GHSA-r4mg-4433-c7g3

reference_url

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354

reference_url

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/1b1adf6ee6ca0f3104fcfce79360b2ec1e06a354

reference_url

https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce

reference_url

https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/fb8f3a18c3d97524c0efc29150d1e5f3162fbb13

reference_url

https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3

reference_id

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2025-24293.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24293

reference_id

reference_type

scores

value	9.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24293

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2435565
reference_id	2435565
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2435565

fixed_packages

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u4%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2025-24293, GHSA-r4mg-4433-c7g3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yzpx-3gam-y3bu

118

url VCID-z1jv-4ga2-7kd1

vulnerability_id VCID-z1jv-4ga2-7kd1

summary

Possible Information Leak Vulnerability
Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00080.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00083.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00006.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2097.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_id

reference_type

scores

value	0.01912
scoring_system	epss
scoring_elements	0.83281
published_at	2026-04-08T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83257
published_at	2026-04-07T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83242
published_at	2026-04-02T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83226
published_at	2026-04-01T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83295
published_at	2026-04-13T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83299
published_at	2026-04-12T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83305
published_at	2026-04-11T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.8329
published_at	2026-04-09T12:55:00Z

value	0.01912
scoring_system	epss
scoring_elements	0.83331
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2097

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a1d3ea617ffb0c8ae8467fa439bf63a3bfc4324

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-2097.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2016-2097.yml

reference_url	https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ
reference_id
reference_type
scores
url	https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/ddY6HgqB2z4

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/ddY6HgqB2z4

reference_url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160322002234/http://www.securitytracker.com/id/1035122

reference_url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228015320/http://www.securityfocus.com/bid/83726

reference_url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201221115217/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/ddY6HgqB2z4/we0RasMZIAAJ

reference_url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released

reference_url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_url	http://www.securityfocus.com/bid/83726
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/83726

reference_url	http://www.securitytracker.com/id/1035122
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1035122

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1310043
reference_id	1310043
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1310043

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.10:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.14:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:::::::*

reference_url

reference_id

CVE-2016-2097

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:N/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2097

reference_url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_id

GHSA-vx9j-46rh-fqr8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vx9j-46rh-fqr8

reference_url	https://access.redhat.com/errata/RHSA-2016:0454
reference_id	RHSA-2016:0454
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0454

reference_url	https://access.redhat.com/errata/RHSA-2016:0455
reference_id	RHSA-2016:0455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0455

reference_url	https://access.redhat.com/errata/RHSA-2016:0456
reference_id	RHSA-2016:0456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:0456

fixed_packages

url	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.2.5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.5.2-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2016-2097, GHSA-vx9j-46rh-fqr8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z1jv-4ga2-7kd1

119

url VCID-zkvd-bfd6-t7dg

vulnerability_id VCID-zkvd-bfd6-t7dg

summary

Arbitrary file existence disclosure
Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`

references

reference_url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2014-11/msg00112.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7818.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7818

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.44858
published_at	2026-04-16T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44834
published_at	2026-04-11T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44822
published_at	2026-04-04T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44762
published_at	2026-04-07T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44815
published_at	2026-04-08T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44817
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44803
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44721
published_at	2026-04-01T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44805
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44801
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7818

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7818

reference_url

https://github.com/advisories/GHSA-29gr-w57f-rpfw

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-29gr-w57f-rpfw

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2014-7818.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/dCp7duBiQgo/v_R_8PFs5IwJ

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7818

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7818

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1161499
reference_id	1161499
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1161499

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934
reference_id	770934
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770934

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.19:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.20:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.13:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.15:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*

100

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::

101

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::

102

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*

103

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::

104

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*

105

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*

106

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

107

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:::::::*

108

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

109

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

110

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

111

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

112

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

113

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:::::::*

114

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.10:rc1::::::

115

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

116

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

118

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

119

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

120

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

121

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

122

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

123

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

124

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

125

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

126

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

127

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

128

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

129

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.9:::::::*

130

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

131

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

132

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

133

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

134

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

135

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

136

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

137

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

138

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

139

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.5:::::::*

140

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:::::::*

141

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.6:rc1::::::

142

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta1::::::

143

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.2.0:beta2::::::

144

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

145

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:::::::*
reference_id	cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:::::::*

146

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:::::::*

147

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

148

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:::::::*

fixed_packages

url	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
purl	pkg:deb/debian/rails@2:4.1.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2014-7818, GHSA-29gr-w57f-rpfw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkvd-bfd6-t7dg

120

url VCID-zqzx-avvt-wkhm

vulnerability_id VCID-zqzx-avvt-wkhm

summary

Active Record logging vulnerable to ANSI escape injection
This vulnerability has been assigned the CVE identifier CVE-2025-55193

### Impact
The ID passed to `find` or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences.

### Releases
The fixed releases are available at the normal locations.

### Credits

Thanks to [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this vulnerability

references

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55193.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.3337
published_at	2026-04-16T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33335
published_at	2026-04-13T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33358
published_at	2026-04-12T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.334
published_at	2026-04-11T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33396
published_at	2026-04-09T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33317
published_at	2026-04-07T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33475
published_at	2026-04-04T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33444
published_at	2026-04-02T12:55:00Z

value	0.00136
scoring_system	epss
scoring_elements	0.33363
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-55193

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55193

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url