Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/rails@0?distro=trixie
Typedeb
Namespacedebian
Namerails
Version0
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.1.5-1
Latest_non_vulnerable_version2:7.2.3.1+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1xgz-hwng-n3eq
vulnerability_id VCID-1xgz-hwng-n3eq
summary 
Untrusted users can run pending migrations in production in Rails
There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

This vulnerability has been assigned the CVE identifier CVE-2020-8185.

Versions Affected:  6.0.0 < rails < 6.0.3.2
Not affected:       Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)
Fixed Versions:     rails >= 6.0.3.2

Impact
------

Using this issue, an attacker would be able to execute any migrations that are pending for a Rails app running in production mode. It is important to note that an attacker is limited to running migrations the application developer has already defined in their application and ones that have not already run.

Workarounds
-----------

Until such time as the patch can be applied, application developers should disable the ActionDispatch middleware in their production environment via a line such as this one in their config/environment/production.rb:

`config.middleware.delete ActionDispatch::ActionableExceptions`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8185.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
reference_id
reference_type
scores
0
value 0.00679
scoring_system epss
scoring_elements 0.71577
published_at 2026-04-21T12:55:00Z
1
value 0.00679
scoring_system epss
scoring_elements 0.71597
published_at 2026-04-18T12:55:00Z
2
value 0.00679
scoring_system epss
scoring_elements 0.71532
published_at 2026-04-04T12:55:00Z
3
value 0.00679
scoring_system epss
scoring_elements 0.71557
published_at 2026-04-09T12:55:00Z
4
value 0.00679
scoring_system epss
scoring_elements 0.71545
published_at 2026-04-08T12:55:00Z
5
value 0.00679
scoring_system epss
scoring_elements 0.71509
published_at 2026-04-01T12:55:00Z
6
value 0.00679
scoring_system epss
scoring_elements 0.71515
published_at 2026-04-02T12:55:00Z
7
value 0.00679
scoring_system epss
scoring_elements 0.71505
published_at 2026-04-07T12:55:00Z
8
value 0.00679
scoring_system epss
scoring_elements 0.71592
published_at 2026-04-16T12:55:00Z
9
value 0.00679
scoring_system epss
scoring_elements 0.71546
published_at 2026-04-13T12:55:00Z
10
value 0.00679
scoring_system epss
scoring_elements 0.71564
published_at 2026-04-12T12:55:00Z
11
value 0.00679
scoring_system epss
scoring_elements 0.7158
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8185
2
reference_url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2121b9d20b60ed503aa041ef7b926d331ed79fc2
3
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2020-8185.yml
4
reference_url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0
5
reference_url https://hackerone.com/reports/899069
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/899069
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8185
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
reference_id 1852380
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1852380
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
reference_id 964081
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964081
11
reference_url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
reference_id GHSA-c6qr-h5vq-59jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6qr-h5vq-59jc
12
reference_url https://access.redhat.com/errata/RHSA-2021:1313
reference_id RHSA-2021:1313
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1313
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2020-8185, GHSA-c6qr-h5vq-59jc
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xgz-hwng-n3eq
1
url VCID-5bh7-drnb-7ygg
vulnerability_id VCID-5bh7-drnb-7ygg
summary 
Rails has possible XSS Vulnerability in Action Controller
# Possible XSS Vulnerability in Action Controller

There is a possible XSS vulnerability when using the translation helpers
(`translate`, `t`, etc) in Action Controller. This vulnerability has been
assigned the CVE identifier CVE-2024-26143.

Versions Affected:  >= 7.0.0.
Not affected:       < 7.0.0
Fixed Versions:     7.1.3.1, 7.0.8.1

Impact
------
Applications using translation methods like `translate`, or `t` on a
controller, with a key ending in "_html", a `:default` key which contains
untrusted user input, and the resulting string is used in a view, may be
susceptible to an XSS vulnerability.

For example, impacted code will look something like this:

```ruby
class ArticlesController < ApplicationController
  def show  
    @message = t("message_html", default: untrusted_input)
    # The `show` template displays the contents of `@message`
  end
end
```

To reiterate the pre-conditions, applications must:

* Use a translation function from a controller (i.e. _not_ I18n.t, or `t` from
  a view)
* Use a key that ends in `_html`
* Use a default value where the default value is untrusted and unescaped input
* Send the text to the victim (whether that's part of a template, or a
  `render` call)

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

*  7-0-translate-xss.patch - Patch for 7.0 series
*  7-1-translate-xss.patch - Patch for 7.1 series

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the patch and fix!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26143.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
reference_id
reference_type
scores
0
value 0.02067
scoring_system epss
scoring_elements 0.83959
published_at 2026-04-21T12:55:00Z
1
value 0.02067
scoring_system epss
scoring_elements 0.83957
published_at 2026-04-18T12:55:00Z
2
value 0.02067
scoring_system epss
scoring_elements 0.83933
published_at 2026-04-13T12:55:00Z
3
value 0.02067
scoring_system epss
scoring_elements 0.83937
published_at 2026-04-12T12:55:00Z
4
value 0.02067
scoring_system epss
scoring_elements 0.83944
published_at 2026-04-11T12:55:00Z
5
value 0.02067
scoring_system epss
scoring_elements 0.83927
published_at 2026-04-09T12:55:00Z
6
value 0.02067
scoring_system epss
scoring_elements 0.83921
published_at 2026-04-08T12:55:00Z
7
value 0.02067
scoring_system epss
scoring_elements 0.83898
published_at 2026-04-07T12:55:00Z
8
value 0.02067
scoring_system epss
scoring_elements 0.83896
published_at 2026-04-04T12:55:00Z
9
value 0.02067
scoring_system epss
scoring_elements 0.8388
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26143
2
reference_url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc
6
reference_url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e
7
reference_url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26143
10
reference_url https://security.netapp.com/advisory/ntap-20240510-0004
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0004
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
reference_id 2266388
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266388
12
reference_url https://github.com/advisories/GHSA-9822-6m93-xqf4
reference_id GHSA-9822-6m93-xqf4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9822-6m93-xqf4
13
reference_url https://security.netapp.com/advisory/ntap-20240510-0004/
reference_id ntap-20240510-0004
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T18:24:49Z/
url https://security.netapp.com/advisory/ntap-20240510-0004/
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-26143, GHSA-9822-6m93-xqf4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5bh7-drnb-7ygg
2
url VCID-5hqj-fxmk-cbcy
vulnerability_id VCID-5hqj-fxmk-cbcy
summary 
XSS Vulnerability in number_to_currency
The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Application which pass user controlled data as the unit parameter are vulnerable to an XSS attack.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00080.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
4
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
5
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00013.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
7
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
8
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
9
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6415.json
10
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6415
reference_id
reference_type
scores
0
value 0.01506
scoring_system epss
scoring_elements 0.81207
published_at 2026-04-21T12:55:00Z
1
value 0.01506
scoring_system epss
scoring_elements 0.81116
published_at 2026-04-02T12:55:00Z
2
value 0.01506
scoring_system epss
scoring_elements 0.81139
published_at 2026-04-04T12:55:00Z
3
value 0.01506
scoring_system epss
scoring_elements 0.81138
published_at 2026-04-07T12:55:00Z
4
value 0.01506
scoring_system epss
scoring_elements 0.81165
published_at 2026-04-08T12:55:00Z
5
value 0.01506
scoring_system epss
scoring_elements 0.81172
published_at 2026-04-09T12:55:00Z
6
value 0.01506
scoring_system epss
scoring_elements 0.81191
published_at 2026-04-11T12:55:00Z
7
value 0.01506
scoring_system epss
scoring_elements 0.81177
published_at 2026-04-12T12:55:00Z
8
value 0.01506
scoring_system epss
scoring_elements 0.81171
published_at 2026-04-13T12:55:00Z
9
value 0.01506
scoring_system epss
scoring_elements 0.81208
published_at 2026-04-16T12:55:00Z
10
value 0.01506
scoring_system epss
scoring_elements 0.81209
published_at 2026-04-18T12:55:00Z
11
value 0.01506
scoring_system epss
scoring_elements 0.81107
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6415
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
14
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
15
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
16
reference_url http://seclists.org/oss-sec/2013/q4/402
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/402
17
reference_url https://github.com/advisories/GHSA-6h5q-96hp-9jgm
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6h5q-96hp-9jgm
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml
19
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ
20
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6415
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6415
22
reference_url https://puppet.com/security/cve/cve-2013-6415
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-6415
23
reference_url https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131206180005/http://www.securityfocus.com/bid/64077
24
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
25
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
26
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036910
reference_id 1036910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036910
28
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
29
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6415, GHSA-6h5q-96hp-9jgm, OSV-100524
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hqj-fxmk-cbcy
3
url VCID-65tq-e5eb-eucj
vulnerability_id VCID-65tq-e5eb-eucj
summary 
Rails has possible Sensitive Session Information Leak in Active Storage
# Possible Sensitive Session Information Leak in Active Storage

There is a possible sensitive session information leak in Active Storage.  By
default, Active Storage sends a `Set-Cookie` header along with the user's
session cookie when serving blobs.  It also sets `Cache-Control` to public.
Certain proxies may cache the Set-Cookie, leading to an information leak.

This vulnerability has been assigned the CVE identifier CVE-2024-26144.

Versions Affected:  >= 5.2.0, < 7.1.0
Not affected:       < 5.2.0, > 7.1.0
Fixed Versions:     7.0.8.1, 6.1.7.7

Impact
------
A proxy which chooses to caches this request can cause users to share
sessions. This may include a user receiving an attacker's session or vice
versa.

This was patched in 7.1.0 but not previously identified as a security
vulnerability.

All users running an affected release should either upgrade or use one of the
workarounds immediately.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Upgrade to Rails 7.1.X, or configure caching proxies not to cache the
Set-Cookie headers.

Credits
-------

Thanks to [tyage](https://hackerone.com/tyage) for reporting this!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26144
reference_id
reference_type
scores
0
value 0.03103
scoring_system epss
scoring_elements 0.86828
published_at 2026-04-21T12:55:00Z
1
value 0.03103
scoring_system epss
scoring_elements 0.86829
published_at 2026-04-18T12:55:00Z
2
value 0.03103
scoring_system epss
scoring_elements 0.86825
published_at 2026-04-16T12:55:00Z
3
value 0.03103
scoring_system epss
scoring_elements 0.86809
published_at 2026-04-13T12:55:00Z
4
value 0.03103
scoring_system epss
scoring_elements 0.86814
published_at 2026-04-12T12:55:00Z
5
value 0.03103
scoring_system epss
scoring_elements 0.86818
published_at 2026-04-11T12:55:00Z
6
value 0.03103
scoring_system epss
scoring_elements 0.86804
published_at 2026-04-09T12:55:00Z
7
value 0.03103
scoring_system epss
scoring_elements 0.86796
published_at 2026-04-08T12:55:00Z
8
value 0.03103
scoring_system epss
scoring_elements 0.86759
published_at 2026-04-02T12:55:00Z
9
value 0.03103
scoring_system epss
scoring_elements 0.86776
published_at 2026-04-07T12:55:00Z
10
value 0.03103
scoring_system epss
scoring_elements 0.86778
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26144
2
reference_url https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433
6
reference_url https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3
7
reference_url https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26144.yml
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26144
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26144
11
reference_url https://security.netapp.com/advisory/ntap-20240510-0013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240510-0013
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
reference_id 1065119
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065119
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266063
reference_id 2266063
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266063
14
reference_url https://github.com/advisories/GHSA-8h22-8cf7-hq6g
reference_id GHSA-8h22-8cf7-hq6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8h22-8cf7-hq6g
15
reference_url https://security.netapp.com/advisory/ntap-20240510-0013/
reference_id ntap-20240510-0013
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-09T14:01:13Z/
url https://security.netapp.com/advisory/ntap-20240510-0013/
16
reference_url https://access.redhat.com/errata/RHSA-2024:10806
reference_id RHSA-2024:10806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10806
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-26144, GHSA-8h22-8cf7-hq6g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65tq-e5eb-eucj
4
url VCID-6j55-bstz-yybj
vulnerability_id VCID-6j55-bstz-yybj
summary 
High severity vulnerability that affects actionpack
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0449
reference_id
reference_type
scores
0
value 0.00555
scoring_system epss
scoring_elements 0.68136
published_at 2026-04-21T12:55:00Z
1
value 0.00555
scoring_system epss
scoring_elements 0.68062
published_at 2026-04-07T12:55:00Z
2
value 0.00555
scoring_system epss
scoring_elements 0.68113
published_at 2026-04-08T12:55:00Z
3
value 0.00555
scoring_system epss
scoring_elements 0.68128
published_at 2026-04-09T12:55:00Z
4
value 0.00555
scoring_system epss
scoring_elements 0.68152
published_at 2026-04-11T12:55:00Z
5
value 0.00555
scoring_system epss
scoring_elements 0.68138
published_at 2026-04-12T12:55:00Z
6
value 0.00555
scoring_system epss
scoring_elements 0.68105
published_at 2026-04-13T12:55:00Z
7
value 0.00555
scoring_system epss
scoring_elements 0.68141
published_at 2026-04-16T12:55:00Z
8
value 0.00555
scoring_system epss
scoring_elements 0.68154
published_at 2026-04-18T12:55:00Z
9
value 0.00555
scoring_system epss
scoring_elements 0.68042
published_at 2026-04-01T12:55:00Z
10
value 0.00555
scoring_system epss
scoring_elements 0.68064
published_at 2026-04-02T12:55:00Z
11
value 0.00555
scoring_system epss
scoring_elements 0.68083
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0449
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025061
reference_id
reference_type
scores
url http://securitytracker.com/id?1025061
5
reference_url https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
6
reference_url https://github.com/rails/rails/tree/main/actionpack
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/actionpack
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
8
reference_url https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
9
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
10
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0449
reference_id CVE-2011-0449
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0449
25
reference_url https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
reference_id GHSA-4ww3-3rxj-8v6q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
26
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2011-0449, GHSA-4ww3-3rxj-8v6q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6j55-bstz-yybj
5
url VCID-6tty-dbwx-rbgx
vulnerability_id VCID-6tty-dbwx-rbgx
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-22797
reference_id
reference_type
scores
0
value 0.00137
scoring_system epss
scoring_elements 0.3346
published_at 2026-04-21T12:55:00Z
1
value 0.00137
scoring_system epss
scoring_elements 0.33494
published_at 2026-04-18T12:55:00Z
2
value 0.00137
scoring_system epss
scoring_elements 0.33518
published_at 2026-04-16T12:55:00Z
3
value 0.00137
scoring_system epss
scoring_elements 0.33638
published_at 2026-04-04T12:55:00Z
4
value 0.00137
scoring_system epss
scoring_elements 0.33554
published_at 2026-04-09T12:55:00Z
5
value 0.00137
scoring_system epss
scoring_elements 0.3352
published_at 2026-04-08T12:55:00Z
6
value 0.00137
scoring_system epss
scoring_elements 0.33476
published_at 2026-04-07T12:55:00Z
7
value 0.00137
scoring_system epss
scoring_elements 0.33605
published_at 2026-04-02T12:55:00Z
8
value 0.00137
scoring_system epss
scoring_elements 0.33482
published_at 2026-04-13T12:55:00Z
9
value 0.00137
scoring_system epss
scoring_elements 0.33506
published_at 2026-04-12T12:55:00Z
10
value 0.00137
scoring_system epss
scoring_elements 0.33548
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-22797
2
reference_url https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:07:07Z/
url https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22797.yml
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164793
reference_id 2164793
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164793
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-22797
reference_id CVE-2023-22797
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-22797
9
reference_url https://github.com/advisories/GHSA-9445-4cr6-336r
reference_id GHSA-9445-4cr6-336r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9445-4cr6-336r
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2023-22797, GHSA-9445-4cr6-336r, GMS-2023-57
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6tty-dbwx-rbgx
6
url VCID-awt1-8bxs-xffs
vulnerability_id VCID-awt1-8bxs-xffs
summary 
actionpack Improper Authentication vulnerability
The `decode_credentials` method in `actionpack/lib/action_controller/metal/http_authentication.rb` in Ruby on Rails before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a `with_http_digest` helper method, as demonstrated by the `authenticate_or_request_with_http_digest` method.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3424.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
reference_id
reference_type
scores
0
value 0.00981
scoring_system epss
scoring_elements 0.76809
published_at 2026-04-21T12:55:00Z
1
value 0.00981
scoring_system epss
scoring_elements 0.7676
published_at 2026-04-08T12:55:00Z
2
value 0.00981
scoring_system epss
scoring_elements 0.76771
published_at 2026-04-13T12:55:00Z
3
value 0.00981
scoring_system epss
scoring_elements 0.76799
published_at 2026-04-11T12:55:00Z
4
value 0.00981
scoring_system epss
scoring_elements 0.76779
published_at 2026-04-12T12:55:00Z
5
value 0.00981
scoring_system epss
scoring_elements 0.76812
published_at 2026-04-16T12:55:00Z
6
value 0.00981
scoring_system epss
scoring_elements 0.76818
published_at 2026-04-18T12:55:00Z
7
value 0.00981
scoring_system epss
scoring_elements 0.76714
published_at 2026-04-01T12:55:00Z
8
value 0.00981
scoring_system epss
scoring_elements 0.76718
published_at 2026-04-02T12:55:00Z
9
value 0.00981
scoring_system epss
scoring_elements 0.76746
published_at 2026-04-04T12:55:00Z
10
value 0.00981
scoring_system epss
scoring_elements 0.76729
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3424
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/3719bd3e95523c5518507dbe44f260f252930600
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain
7
reference_url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/7/26/ann-rails-3-2-7-has-been-released
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=843711
reference_id 843711
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=843711
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
reference_id CVE-2012-3424
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3424
10
reference_url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
reference_id GHSA-92w9-2pqw-rhjj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-92w9-2pqw-rhjj
11
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
12
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2012-3424, GHSA-92w9-2pqw-rhjj, OSV-84243
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-awt1-8bxs-xffs
7
url VCID-c1w4-z275-tqg7
vulnerability_id VCID-c1w4-z275-tqg7
summary 
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3463.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56143
published_at 2026-04-21T12:55:00Z
1
value 0.00333
scoring_system epss
scoring_elements 0.56166
published_at 2026-04-09T12:55:00Z
2
value 0.00333
scoring_system epss
scoring_elements 0.56177
published_at 2026-04-11T12:55:00Z
3
value 0.00333
scoring_system epss
scoring_elements 0.56153
published_at 2026-04-12T12:55:00Z
4
value 0.00333
scoring_system epss
scoring_elements 0.56137
published_at 2026-04-13T12:55:00Z
5
value 0.00333
scoring_system epss
scoring_elements 0.56171
published_at 2026-04-16T12:55:00Z
6
value 0.00333
scoring_system epss
scoring_elements 0.56174
published_at 2026-04-18T12:55:00Z
7
value 0.00333
scoring_system epss
scoring_elements 0.56001
published_at 2026-04-01T12:55:00Z
8
value 0.00333
scoring_system epss
scoring_elements 0.5611
published_at 2026-04-07T12:55:00Z
9
value 0.00333
scoring_system epss
scoring_elements 0.5613
published_at 2026-04-04T12:55:00Z
10
value 0.00333
scoring_system epss
scoring_elements 0.56161
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3463
3
reference_url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/6d0526db91afb0675c2ad3d871529d1536303c64
4
reference_url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!searchin/rubyonrails-security/3463/rubyonrails-security/fV3QUToSMSw/eHBSFOUYHpYJ
5
reference_url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/961e18e514527078?dmode=source&output=gplain
6
reference_url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/fV3QUToSMSw/m/eHBSFOUYHpYJ?pli=1
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3463
8
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
9
reference_url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=847196
reference_id 847196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=847196
11
reference_url https://github.com/advisories/GHSA-98mf-8f57-64qf
reference_id GHSA-98mf-8f57-64qf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-98mf-8f57-64qf
12
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
13
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1w4-z275-tqg7
8
url VCID-e3j5-xgbr-2qa1
vulnerability_id VCID-e3j5-xgbr-2qa1
summary 
Possible DoS Vulnerability
A carefully crafted email address in conjunction with the Action Mailer logger format string could take advantage of a bug in Ruby's sprintf implementation and possibly lead to a denial of service attack. Impacted Ruby code will look something like this: `"some string #{user_input}" % some_number`
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4389.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4389
reference_id
reference_type
scores
0
value 0.01333
scoring_system epss
scoring_elements 0.79994
published_at 2026-04-21T12:55:00Z
1
value 0.01333
scoring_system epss
scoring_elements 0.79942
published_at 2026-04-04T12:55:00Z
2
value 0.01333
scoring_system epss
scoring_elements 0.7993
published_at 2026-04-07T12:55:00Z
3
value 0.01333
scoring_system epss
scoring_elements 0.79959
published_at 2026-04-08T12:55:00Z
4
value 0.01333
scoring_system epss
scoring_elements 0.79968
published_at 2026-04-09T12:55:00Z
5
value 0.01333
scoring_system epss
scoring_elements 0.79988
published_at 2026-04-11T12:55:00Z
6
value 0.01333
scoring_system epss
scoring_elements 0.79971
published_at 2026-04-12T12:55:00Z
7
value 0.01333
scoring_system epss
scoring_elements 0.79963
published_at 2026-04-13T12:55:00Z
8
value 0.01333
scoring_system epss
scoring_elements 0.79991
published_at 2026-04-18T12:55:00Z
9
value 0.01333
scoring_system epss
scoring_elements 0.79914
published_at 2026-04-01T12:55:00Z
10
value 0.01333
scoring_system epss
scoring_elements 0.79921
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4389
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
10
reference_url http://seclists.org/oss-sec/2013/q4/118
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/118
11
reference_url https://github.com/advisories/GHSA-rg5m-3fqp-6px8
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rg5m-3fqp-6px8
12
reference_url https://github.com/rails/rails/tree/main/actionmailer
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/actionmailer
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2013-4389.yml
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4389
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4389
15
reference_url https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208175929/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
16
reference_url http://www.debian.org/security/2014/dsa-2887
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2887
17
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1013913
reference_id 1013913
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1013913
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-4389, GHSA-rg5m-3fqp-6px8, OSV-98629
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3j5-xgbr-2qa1
9
url VCID-ehbj-aezy-d7h4
vulnerability_id VCID-ehbj-aezy-d7h4
summary 
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
# Possible ReDoS vulnerability in Accept header parsing in Action Dispatch

There is a possible ReDoS vulnerability in the Accept header parsing routines
of Action Dispatch. This vulnerability has been assigned the CVE identifier
CVE-2024-26142.

Versions Affected:  >= 7.1.0, < 7.1.3.1
Not affected:       < 7.1.0
Fixed Versions:     7.1.3.1

Impact
------
Carefully crafted Accept headers can cause Accept header parsing in Action
Dispatch to take an unexpected amount of time, possibly resulting in a DoS
vulnerability.  All users running an affected release should either upgrade or
use one of the workarounds immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby
3.2 or newer are unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
There are no feasible workarounds for this issue.

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the two supported release series. They are in git-am format and consist of a
single changeset.

* 7-1-accept-redox.patch - Patch for 7.1 series

Credits
-------
Thanks [svalkanov](https://hackerone.com/svalkanov) for the report and patch!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26142.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26142
reference_id
reference_type
scores
0
value 0.03542
scoring_system epss
scoring_elements 0.8769
published_at 2026-04-21T12:55:00Z
1
value 0.03542
scoring_system epss
scoring_elements 0.87693
published_at 2026-04-18T12:55:00Z
2
value 0.03542
scoring_system epss
scoring_elements 0.87692
published_at 2026-04-16T12:55:00Z
3
value 0.03542
scoring_system epss
scoring_elements 0.87677
published_at 2026-04-13T12:55:00Z
4
value 0.03542
scoring_system epss
scoring_elements 0.87645
published_at 2026-04-04T12:55:00Z
5
value 0.03542
scoring_system epss
scoring_elements 0.87674
published_at 2026-04-09T12:55:00Z
6
value 0.03542
scoring_system epss
scoring_elements 0.87667
published_at 2026-04-08T12:55:00Z
7
value 0.03542
scoring_system epss
scoring_elements 0.87647
published_at 2026-04-07T12:55:00Z
8
value 0.03542
scoring_system epss
scoring_elements 0.8768
published_at 2026-04-12T12:55:00Z
9
value 0.03542
scoring_system epss
scoring_elements 0.87632
published_at 2026-04-02T12:55:00Z
10
value 0.03542
scoring_system epss
scoring_elements 0.87685
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26142
2
reference_url https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272
6
reference_url https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26142
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26142
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266324
reference_id 2266324
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266324
10
reference_url https://github.com/advisories/GHSA-jjhx-jhvp-74wq
reference_id GHSA-jjhx-jhvp-74wq
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jjhx-jhvp-74wq
11
reference_url https://security.netapp.com/advisory/ntap-20240503-0003/
reference_id ntap-20240503-0003
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:01:00Z/
url https://security.netapp.com/advisory/ntap-20240503-0003/
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-26142, GHSA-jjhx-jhvp-74wq
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ehbj-aezy-d7h4
10
url VCID-h94p-ywve-y7h9
vulnerability_id VCID-h94p-ywve-y7h9
summary 
XSS Vulnerability in simple_format helper
The simple_format helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped correctly. As a result of this error, applications which pass user-controlled data to be included as html attributes will be vulnerable to an XSS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6416.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6416
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.46517
published_at 2026-04-21T12:55:00Z
1
value 0.00236
scoring_system epss
scoring_elements 0.46448
published_at 2026-04-01T12:55:00Z
2
value 0.00236
scoring_system epss
scoring_elements 0.46487
published_at 2026-04-02T12:55:00Z
3
value 0.00236
scoring_system epss
scoring_elements 0.46507
published_at 2026-04-12T12:55:00Z
4
value 0.00236
scoring_system epss
scoring_elements 0.46456
published_at 2026-04-07T12:55:00Z
5
value 0.00236
scoring_system epss
scoring_elements 0.46512
published_at 2026-04-09T12:55:00Z
6
value 0.00236
scoring_system epss
scoring_elements 0.46535
published_at 2026-04-11T12:55:00Z
7
value 0.00236
scoring_system epss
scoring_elements 0.46516
published_at 2026-04-13T12:55:00Z
8
value 0.00236
scoring_system epss
scoring_elements 0.46573
published_at 2026-04-16T12:55:00Z
9
value 0.00236
scoring_system epss
scoring_elements 0.4657
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6416
2
reference_url http://seclists.org/oss-sec/2013/q4/404
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/404
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/4b4f5847f64f81c961625e647711ef9f6ad1a454
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6416.yml
6
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/5ZI1-H5OoIM/ZNq4FoR2GnIJ
7
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6416
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6416
9
reference_url https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228165109/http://www.securityfocus.com/bid/64071
10
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
11
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036914
reference_id 1036914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036914
13
reference_url https://github.com/advisories/GHSA-w37c-q653-qg95
reference_id GHSA-w37c-q653-qg95
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w37c-q653-qg95
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6416, GHSA-w37c-q653-qg95, OSV-100526
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h94p-ywve-y7h9
11
url VCID-hmp2-rmzv-wkhg
vulnerability_id VCID-hmp2-rmzv-wkhg
summary 
Improper Input Validation
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
reference_id
reference_type
scores
0
value 0.00814
scoring_system epss
scoring_elements 0.74311
published_at 2026-04-16T12:55:00Z
1
value 0.00814
scoring_system epss
scoring_elements 0.74274
published_at 2026-04-13T12:55:00Z
2
value 0.00814
scoring_system epss
scoring_elements 0.74282
published_at 2026-04-12T12:55:00Z
3
value 0.00814
scoring_system epss
scoring_elements 0.74301
published_at 2026-04-11T12:55:00Z
4
value 0.00814
scoring_system epss
scoring_elements 0.74265
published_at 2026-04-08T12:55:00Z
5
value 0.00814
scoring_system epss
scoring_elements 0.74259
published_at 2026-04-04T12:55:00Z
6
value 0.00814
scoring_system epss
scoring_elements 0.7428
published_at 2026-04-09T12:55:00Z
7
value 0.00814
scoring_system epss
scoring_elements 0.74312
published_at 2026-04-21T12:55:00Z
8
value 0.00814
scoring_system epss
scoring_elements 0.7432
published_at 2026-04-18T12:55:00Z
9
value 0.00814
scoring_system epss
scoring_elements 0.74232
published_at 2026-04-07T12:55:00Z
10
value 0.00814
scoring_system epss
scoring_elements 0.74228
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2929
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=731432
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=731432
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2929.yml
8
reference_url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
9
reference_url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
10
reference_url http://www.openwall.com/lists/oss-security/2011/08/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/17/1
11
reference_url http://www.openwall.com/lists/oss-security/2011/08/19/11
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/19/11
12
reference_url http://www.openwall.com/lists/oss-security/2011/08/20/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/20/1
13
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/13
14
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/14
15
reference_url http://www.openwall.com/lists/oss-security/2011/08/22/5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2011/08/22/5
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
reference_id CVE-2011-2929
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2929
17
reference_url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
reference_id GHSA-r7q2-5gqg-6c7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r7q2-5gqg-6c7q
18
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2011-2929, GHSA-r7q2-5gqg-6c7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hmp2-rmzv-wkhg
12
url VCID-j24x-nhsb-yug6
vulnerability_id VCID-j24x-nhsb-yug6
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
3
reference_url http://openwall.com/lists/oss-security/2011/06/09/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/09/2
4
reference_url http://openwall.com/lists/oss-security/2011/06/13/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/06/13/9
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
reference_id
reference_type
scores
0
value 0.00442
scoring_system epss
scoring_elements 0.63243
published_at 2026-04-07T12:55:00Z
1
value 0.00442
scoring_system epss
scoring_elements 0.63301
published_at 2026-04-21T12:55:00Z
2
value 0.00442
scoring_system epss
scoring_elements 0.63322
published_at 2026-04-18T12:55:00Z
3
value 0.00442
scoring_system epss
scoring_elements 0.63314
published_at 2026-04-16T12:55:00Z
4
value 0.00442
scoring_system epss
scoring_elements 0.6333
published_at 2026-04-11T12:55:00Z
5
value 0.00442
scoring_system epss
scoring_elements 0.63278
published_at 2026-04-13T12:55:00Z
6
value 0.00442
scoring_system epss
scoring_elements 0.63295
published_at 2026-04-08T12:55:00Z
7
value 0.00442
scoring_system epss
scoring_elements 0.63313
published_at 2026-04-09T12:55:00Z
8
value 0.00442
scoring_system epss
scoring_elements 0.6319
published_at 2026-04-01T12:55:00Z
9
value 0.00442
scoring_system epss
scoring_elements 0.63249
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-2197
6
reference_url http://secunia.com/advisories/44789
reference_id
reference_type
scores
url http://secunia.com/advisories/44789
7
reference_url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
8
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
9
reference_url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
10
reference_url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
11
reference_url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
reference_id CVE-2011-2197
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-2197
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
reference_id CVE-2011-2197.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
14
reference_url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
reference_id GHSA-v9v4-7jp6-8c73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v9v4-7jp6-8c73
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2011-2197, GHSA-v9v4-7jp6-8c73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j24x-nhsb-yug6
13
url VCID-j8zg-kq3z-jqcm
vulnerability_id VCID-j8zg-kq3z-jqcm
summary 
Improper Input Validation
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
reference_id
reference_type
scores
0
value 0.00712
scoring_system epss
scoring_elements 0.72245
published_at 2026-04-02T12:55:00Z
1
value 0.00712
scoring_system epss
scoring_elements 0.72324
published_at 2026-04-21T12:55:00Z
2
value 0.00712
scoring_system epss
scoring_elements 0.72336
published_at 2026-04-18T12:55:00Z
3
value 0.00712
scoring_system epss
scoring_elements 0.72327
published_at 2026-04-16T12:55:00Z
4
value 0.00712
scoring_system epss
scoring_elements 0.72284
published_at 2026-04-13T12:55:00Z
5
value 0.00712
scoring_system epss
scoring_elements 0.72297
published_at 2026-04-12T12:55:00Z
6
value 0.00712
scoring_system epss
scoring_elements 0.72314
published_at 2026-04-11T12:55:00Z
7
value 0.00712
scoring_system epss
scoring_elements 0.72292
published_at 2026-04-09T12:55:00Z
8
value 0.00712
scoring_system epss
scoring_elements 0.7228
published_at 2026-04-08T12:55:00Z
9
value 0.00712
scoring_system epss
scoring_elements 0.72265
published_at 2026-04-04T12:55:00Z
10
value 0.00712
scoring_system epss
scoring_elements 0.72239
published_at 2026-04-01T12:55:00Z
11
value 0.00712
scoring_system epss
scoring_elements 0.72241
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2010-3933
1
reference_url http://secunia.com/advisories/41930
reference_id
reference_type
scores
url http://secunia.com/advisories/41930
2
reference_url http://securitytracker.com/id?1024624
reference_id
reference_type
scores
url http://securitytracker.com/id?1024624
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
5
reference_url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
6
reference_url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
7
reference_url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
8
reference_url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
9
reference_url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
10
reference_url http://www.vupen.com/english/advisories/2010/2719
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2010/2719
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
reference_id CVE-2010-3933
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2010-3933
14
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
reference_id CVE-2010-3933.YML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
15
reference_url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
reference_id GHSA-gjxw-5w2q-7grf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjxw-5w2q-7grf
16
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2010-3933, GHSA-gjxw-5w2q-7grf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8zg-kq3z-jqcm
14
url VCID-kcj2-v7av-47cv
vulnerability_id VCID-kcj2-v7av-47cv
summary 
Reflective XSS Vulnerability
There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4491.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4491
reference_id
reference_type
scores
0
value 0.00713
scoring_system epss
scoring_elements 0.72342
published_at 2026-04-21T12:55:00Z
1
value 0.00713
scoring_system epss
scoring_elements 0.72298
published_at 2026-04-08T12:55:00Z
2
value 0.00713
scoring_system epss
scoring_elements 0.7231
published_at 2026-04-09T12:55:00Z
3
value 0.00713
scoring_system epss
scoring_elements 0.72333
published_at 2026-04-11T12:55:00Z
4
value 0.00713
scoring_system epss
scoring_elements 0.72316
published_at 2026-04-12T12:55:00Z
5
value 0.00713
scoring_system epss
scoring_elements 0.72303
published_at 2026-04-13T12:55:00Z
6
value 0.00713
scoring_system epss
scoring_elements 0.72345
published_at 2026-04-16T12:55:00Z
7
value 0.00713
scoring_system epss
scoring_elements 0.72354
published_at 2026-04-18T12:55:00Z
8
value 0.00713
scoring_system epss
scoring_elements 0.72258
published_at 2026-04-01T12:55:00Z
9
value 0.00713
scoring_system epss
scoring_elements 0.72264
published_at 2026-04-02T12:55:00Z
10
value 0.00713
scoring_system epss
scoring_elements 0.72283
published_at 2026-04-04T12:55:00Z
11
value 0.00713
scoring_system epss
scoring_elements 0.72259
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4491
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
10
reference_url http://seclists.org/oss-sec/2013/q4/401
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/401
11
reference_url https://github.com/advisories/GHSA-699m-mcjm-9cw8
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-699m-mcjm-9cw8
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-4491.yml
13
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4491
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4491
15
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
16
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
17
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036922
reference_id 1036922
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036922
19
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
20
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-4491, GHSA-699m-mcjm-9cw8, OSV-100528
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kcj2-v7av-47cv
15
url VCID-msda-xqbp-qfdd
vulnerability_id VCID-msda-xqbp-qfdd
summary 
Possible Open Redirect Vulnerability in Action Pack
There is a possible Open Redirect Vulnerability in Action Pack.

Versions Affected:  >= v6.1.0.rc2
Not affected:       < v6.1.0.rc2
Fixed Versions:     6.1.3.2

Impact
------
This is similar to CVE-2021-22881. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious
website.

Since rails/rails@9bc7ea5, strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, config.hosts << "sub.example.com" to permit a request with a Host header value of sub-example.com.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
The following monkey patch put in an initializer can be used as a workaround.

```ruby
class ActionDispatch::HostAuthorization::Permissions
  def sanitize_string(host)
    if host.start_with?(".")
      /\A(.+\.)?#{Regexp.escape(host[1..-1])}\z/i
    else
      /\A#{Regexp.escape host}\z/i
    end
  end
end
```

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the two supported release series. They are in git-am format and consist of a single changeset.

* 6-1-open-redirect.patch - Patch for 6.1 series

Please note that only the 6.1.Z, 6.0.Z, and 5.2.Z series are supported at present. Users of earlier unsupported releases are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.

Credits
-------

Thanks Jonathan Hefner (https://hackerone.com/jonathanhefner) for reporting this bug!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22903.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22903
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35747
published_at 2026-04-21T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35693
published_at 2026-04-01T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.3589
published_at 2026-04-02T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.3592
published_at 2026-04-04T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35751
published_at 2026-04-07T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35801
published_at 2026-04-08T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35823
published_at 2026-04-09T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35831
published_at 2026-04-11T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35791
published_at 2026-04-12T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35768
published_at 2026-04-13T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.35808
published_at 2026-04-16T12:55:00Z
11
value 0.00151
scoring_system epss
scoring_elements 0.35796
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22903
2
reference_url https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.rubyonrails.org/t/cve-2021-22903-possible-open-redirect-vulnerability-in-action-pack/77867
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails/releases/tag/v6.1.3.2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.3.2
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22903.yml
6
reference_url https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/rubyonrails-security/c/8TxqXEtgSF0
7
reference_url https://hackerone.com/reports/1148025
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/1148025
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-22903
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-22903
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1957438
reference_id 1957438
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1957438
10
reference_url https://security.archlinux.org/AVG-1919
reference_id AVG-1919
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1919
11
reference_url https://github.com/advisories/GHSA-5hq2-xf89-9jxq
reference_id GHSA-5hq2-xf89-9jxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hq2-xf89-9jxq
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2021-22903, GHSA-5hq2-xf89-9jxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msda-xqbp-qfdd
16
url VCID-n5fx-u6fs-vydu
vulnerability_id VCID-n5fx-u6fs-vydu
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.
references
0
reference_url http://openwall.com/lists/oss-security/2014/02/18/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/02/18/9
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0080
reference_id
reference_type
scores
0
value 0.00248
scoring_system epss
scoring_elements 0.48065
published_at 2026-04-21T12:55:00Z
1
value 0.00248
scoring_system epss
scoring_elements 0.48056
published_at 2026-04-08T12:55:00Z
2
value 0.00248
scoring_system epss
scoring_elements 0.4805
published_at 2026-04-12T12:55:00Z
3
value 0.00248
scoring_system epss
scoring_elements 0.48074
published_at 2026-04-11T12:55:00Z
4
value 0.00248
scoring_system epss
scoring_elements 0.48062
published_at 2026-04-13T12:55:00Z
5
value 0.00248
scoring_system epss
scoring_elements 0.48114
published_at 2026-04-16T12:55:00Z
6
value 0.00248
scoring_system epss
scoring_elements 0.4811
published_at 2026-04-18T12:55:00Z
7
value 0.00248
scoring_system epss
scoring_elements 0.47995
published_at 2026-04-01T12:55:00Z
8
value 0.00248
scoring_system epss
scoring_elements 0.48033
published_at 2026-04-02T12:55:00Z
9
value 0.00248
scoring_system epss
scoring_elements 0.48053
published_at 2026-04-04T12:55:00Z
10
value 0.00248
scoring_system epss
scoring_elements 0.48003
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0080
3
reference_url https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
4
reference_url https://github.com/rails/rails/tree/main/activerecord
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/tree/main/activerecord
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
6
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
7
reference_url https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1065517
reference_id 1065517
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1065517
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0080
reference_id CVE-2014-0080
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0080
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n5fx-u6fs-vydu
17
url VCID-nf8s-2aaa-17fw
vulnerability_id VCID-nf8s-2aaa-17fw
summary 
Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk)
Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2014-0469.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0469.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6417.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6417
reference_id
reference_type
scores
0
value 0.00512
scoring_system epss
scoring_elements 0.66501
published_at 2026-04-09T12:55:00Z
1
value 0.00512
scoring_system epss
scoring_elements 0.66487
published_at 2026-04-08T12:55:00Z
2
value 0.00512
scoring_system epss
scoring_elements 0.66468
published_at 2026-04-04T12:55:00Z
3
value 0.00512
scoring_system epss
scoring_elements 0.66515
published_at 2026-04-21T12:55:00Z
4
value 0.00512
scoring_system epss
scoring_elements 0.6653
published_at 2026-04-18T12:55:00Z
5
value 0.00512
scoring_system epss
scoring_elements 0.66512
published_at 2026-04-16T12:55:00Z
6
value 0.00512
scoring_system epss
scoring_elements 0.66477
published_at 2026-04-13T12:55:00Z
7
value 0.00512
scoring_system epss
scoring_elements 0.66508
published_at 2026-04-12T12:55:00Z
8
value 0.00512
scoring_system epss
scoring_elements 0.6652
published_at 2026-04-11T12:55:00Z
9
value 0.00512
scoring_system epss
scoring_elements 0.66439
published_at 2026-04-07T12:55:00Z
10
value 0.00512
scoring_system epss
scoring_elements 0.66402
published_at 2026-04-01T12:55:00Z
11
value 0.00512
scoring_system epss
scoring_elements 0.66441
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6417
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
14
reference_url http://seclists.org/oss-sec/2013/q4/403
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/403
15
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6417.yml
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/niK4drpSHT4/g8JW8ZsayRkJ
18
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/niK4drpSHT4
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6417
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6417
20
reference_url https://puppet.com/security/cve/cve-2013-6417
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-6417
21
reference_url https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160806051251/https://puppet.com/security/cve/cve-2013-6417
22
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
23
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
24
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036409
reference_id 1036409
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036409
26
reference_url https://github.com/advisories/GHSA-wpw7-wxjm-cw8r
reference_id GHSA-wpw7-wxjm-cw8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wpw7-wxjm-cw8r
27
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
28
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
29
reference_url https://access.redhat.com/errata/RHSA-2014:0469
reference_id RHSA-2014:0469
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0469
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6417, GHSA-wpw7-wxjm-cw8r, OSV-100527
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nf8s-2aaa-17fw
18
url VCID-p22r-u1dd-b7b3
vulnerability_id VCID-p22r-u1dd-b7b3
summary 
Missing security headers in Action Pack on non-HTML responses
# Permissions-Policy is Only Served on HTML Content-Type

The application configurable Permissions-Policy is only served on responses
with an HTML related Content-Type.

This has been assigned the CVE identifier CVE-2024-28103.


Versions Affected:  >= 6.1.0
Not affected:       < 6.1.0
Fixed Versions:     6.1.7.8, 7.0.8.4, and 7.1.3.4

Impact
------
Responses with a non-HTML Content-Type are not serving the configured Permissions-Policy. There are certain non-HTML Content-Types that would benefit from having the Permissions-Policy enforced.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
N/A

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for
the supported release series in accordance with our 
[maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues)
regarding security issues. They are in git-am format and consist of a
single changeset.

* 6-1-include-permissions-policy-header-on-non-html.patch - Patch for 6.1 series
* 7-0-include-permissions-policy-header-on-non-html.patch - Patch for 7.0 series
* 7-1-include-permissions-policy-header-on-non-html.patch - Patch for 7.1 series



Credits
-------

Thank you [shinkbr](https://hackerone.com/shinkbr) for reporting this!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28103
reference_id
reference_type
scores
0
value 0.00832
scoring_system epss
scoring_elements 0.74612
published_at 2026-04-21T12:55:00Z
1
value 0.00832
scoring_system epss
scoring_elements 0.74621
published_at 2026-04-18T12:55:00Z
2
value 0.00832
scoring_system epss
scoring_elements 0.74613
published_at 2026-04-16T12:55:00Z
3
value 0.00832
scoring_system epss
scoring_elements 0.74576
published_at 2026-04-13T12:55:00Z
4
value 0.00832
scoring_system epss
scoring_elements 0.74585
published_at 2026-04-12T12:55:00Z
5
value 0.00832
scoring_system epss
scoring_elements 0.74581
published_at 2026-04-09T12:55:00Z
6
value 0.00832
scoring_system epss
scoring_elements 0.74565
published_at 2026-04-08T12:55:00Z
7
value 0.00832
scoring_system epss
scoring_elements 0.74533
published_at 2026-04-07T12:55:00Z
8
value 0.00832
scoring_system epss
scoring_elements 0.74559
published_at 2026-04-04T12:55:00Z
9
value 0.00832
scoring_system epss
scoring_elements 0.74532
published_at 2026-04-02T12:55:00Z
10
value 0.00832
scoring_system epss
scoring_elements 0.74604
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28103
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/
url https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523
5
reference_url https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T16:17:47Z/
url https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-28103.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28103
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28103
8
reference_url https://security.netapp.com/advisory/ntap-20241206-0002
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0002
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
reference_id 1072705
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1072705
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2290530
reference_id 2290530
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2290530
11
reference_url https://github.com/advisories/GHSA-fwhr-88qx-h9g7
reference_id GHSA-fwhr-88qx-h9g7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fwhr-88qx-h9g7
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-28103, GHSA-fwhr-88qx-h9g7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p22r-u1dd-b7b3
19
url VCID-pd5s-1xsg-f7a5
vulnerability_id VCID-pd5s-1xsg-f7a5
summary 
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
### Impact
The debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development.

### Releases
The fixed releases are available at the normal locations.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33167
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05104
published_at 2026-04-21T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.04956
published_at 2026-04-18T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.04946
published_at 2026-04-16T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05005
published_at 2026-04-13T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05023
published_at 2026-04-12T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05041
published_at 2026-04-11T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05063
published_at 2026-04-09T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05047
published_at 2026-04-08T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.04992
published_at 2026-04-04T12:55:00Z
9
value 0.00019
scoring_system epss
scoring_elements 0.05014
published_at 2026-04-07T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.04965
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33167
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/commit/6752711c8c31d79ba50d13af6a6698a3b85415e0
5
reference_url https://github.com/rails/rails/releases/tag/v8.1.2.1
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/releases/tag/v8.1.2.1
6
reference_url https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-24T18:44:05Z/
url https://github.com/rails/rails/security/advisories/GHSA-pgm4-439c-5jp6
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33167
reference_id
reference_type
scores
0
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33167
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450552
reference_id 2450552
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2450552
9
reference_url https://github.com/advisories/GHSA-pgm4-439c-5jp6
reference_id GHSA-pgm4-439c-5jp6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pgm4-439c-5jp6
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2026-33167, GHSA-pgm4-439c-5jp6
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pd5s-1xsg-f7a5
20
url VCID-pmrb-t3bm-zkb6
vulnerability_id VCID-pmrb-t3bm-zkb6
summary 
Denial of Service Vulnerability in Action View
There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html
1
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html
3
reference_url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-1794.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1794.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2014-0008.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0008.html
6
reference_url http://rhn.redhat.com/errata/RHSA-2014-1863.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1863.html
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6414.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6414
reference_id
reference_type
scores
0
value 0.70843
scoring_system epss
scoring_elements 0.98691
published_at 2026-04-04T12:55:00Z
1
value 0.70843
scoring_system epss
scoring_elements 0.98688
published_at 2026-04-02T12:55:00Z
2
value 0.70843
scoring_system epss
scoring_elements 0.98687
published_at 2026-04-01T12:55:00Z
3
value 0.70843
scoring_system epss
scoring_elements 0.98704
published_at 2026-04-21T12:55:00Z
4
value 0.70843
scoring_system epss
scoring_elements 0.98702
published_at 2026-04-16T12:55:00Z
5
value 0.70843
scoring_system epss
scoring_elements 0.987
published_at 2026-04-13T12:55:00Z
6
value 0.70843
scoring_system epss
scoring_elements 0.98699
published_at 2026-04-12T12:55:00Z
7
value 0.70843
scoring_system epss
scoring_elements 0.98696
published_at 2026-04-09T12:55:00Z
8
value 0.70843
scoring_system epss
scoring_elements 0.98695
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6414
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
11
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
12
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
13
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417
14
reference_url http://seclists.org/oss-sec/2013/q4/400
reference_id
reference_type
scores
url http://seclists.org/oss-sec/2013/q4/400
15
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
16
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6414.yml
17
reference_url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/message/raw?msg=ruby-security-ann/A-ebV4WxzKg/KNPTbX8XAQUJ
18
reference_url https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
19
reference_url https://puppet.com/security/cve/cve-2013-6414
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://puppet.com/security/cve/cve-2013-6414
20
reference_url https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160421165124/http://secunia.com/advisories/57836
21
reference_url https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160808161629/https://puppet.com/security/cve/cve-2013-6414
22
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released
23
reference_url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
24
reference_url http://www.debian.org/security/2014/dsa-2888
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2014/dsa-2888
25
reference_url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release
26
reference_url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
reference_id
reference_type
scores
url http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1036483
reference_id 1036483
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1036483
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-6414
reference_id CVE-2013-6414
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-6414
29
reference_url https://github.com/advisories/GHSA-mpxf-gcw2-pw5q
reference_id GHSA-mpxf-gcw2-pw5q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpxf-gcw2-pw5q
30
reference_url https://access.redhat.com/errata/RHSA-2013:1794
reference_id RHSA-2013:1794
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1794
31
reference_url https://access.redhat.com/errata/RHSA-2014:0008
reference_id RHSA-2014:0008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0008
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrb-t3bm-zkb6
21
url VCID-rps2-k24p-9qgq
vulnerability_id VCID-rps2-k24p-9qgq
summary 
Translate helper method which may allow an attacker to insert arbitrary code into a page
The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5?pli=1
1
reference_url http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/c65c24fbc4b6dd82?dmode=source&output=gplain
2
reference_url http://openwall.com/lists/oss-security/2011/11/18/8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/11/18/8
3
reference_url http://osvdb.org/77199
reference_id
reference_type
scores
url http://osvdb.org/77199
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4319.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4319
reference_id
reference_type
scores
0
value 0.00607
scoring_system epss
scoring_elements 0.69718
published_at 2026-04-16T12:55:00Z
1
value 0.00607
scoring_system epss
scoring_elements 0.69677
published_at 2026-04-13T12:55:00Z
2
value 0.00607
scoring_system epss
scoring_elements 0.6969
published_at 2026-04-12T12:55:00Z
3
value 0.00607
scoring_system epss
scoring_elements 0.69705
published_at 2026-04-11T12:55:00Z
4
value 0.00607
scoring_system epss
scoring_elements 0.69684
published_at 2026-04-09T12:55:00Z
5
value 0.00607
scoring_system epss
scoring_elements 0.69621
published_at 2026-04-02T12:55:00Z
6
value 0.00607
scoring_system epss
scoring_elements 0.69708
published_at 2026-04-21T12:55:00Z
7
value 0.00607
scoring_system epss
scoring_elements 0.69727
published_at 2026-04-18T12:55:00Z
8
value 0.00607
scoring_system epss
scoring_elements 0.69607
published_at 2026-04-01T12:55:00Z
9
value 0.00607
scoring_system epss
scoring_elements 0.69636
published_at 2026-04-04T12:55:00Z
10
value 0.00607
scoring_system epss
scoring_elements 0.69666
published_at 2026-04-08T12:55:00Z
11
value 0.00607
scoring_system epss
scoring_elements 0.69615
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4319
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/71364
7
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
8
reference_url https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/2d5b105d4bcb652550dda8b5613376d1b8beb70c
9
reference_url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade
10
reference_url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/ba2d85012088fd0db0fab98b2e512c77c83cbade#diff-79e8a3e6d1d2808c4f93f63b3928a5a1
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-4319.yml
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-77199.yml
13
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
14
reference_url https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228155840/http://www.securityfocus.com/bid/50722
15
reference_url https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210307005941/http://www.securitytracker.com/id?1026342
16
reference_url http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
17
reference_url http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
18
reference_url http://www.securityfocus.com/bid/50722
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/50722
19
reference_url http://www.securitytracker.com/id?1026342
reference_id
reference_type
scores
url http://www.securitytracker.com/id?1026342
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=755004
reference_id 755004
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=755004
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4319
reference_id CVE-2011-4319
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4319
22
reference_url https://github.com/advisories/GHSA-xxr8-833v-c7wc
reference_id GHSA-xxr8-833v-c7wc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xxr8-833v-c7wc
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2011-4319, GHSA-xxr8-833v-c7wc, OSV-77199
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rps2-k24p-9qgq
22
url VCID-rq7w-zmh4-17e1
vulnerability_id VCID-rq7w-zmh4-17e1
summary 
SQL injection vulnerability in Active Record
Due to the way Active Record handles nested query parameters, an attacker can use a specially crafted request to inject some forms of SQL into your application's SQL queries.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0154.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0154.html
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2661.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
reference_id
reference_type
scores
0
value 0.0073
scoring_system epss
scoring_elements 0.72697
published_at 2026-04-21T12:55:00Z
1
value 0.0073
scoring_system epss
scoring_elements 0.72652
published_at 2026-04-13T12:55:00Z
2
value 0.0073
scoring_system epss
scoring_elements 0.72694
published_at 2026-04-16T12:55:00Z
3
value 0.0073
scoring_system epss
scoring_elements 0.72705
published_at 2026-04-18T12:55:00Z
4
value 0.0073
scoring_system epss
scoring_elements 0.72604
published_at 2026-04-01T12:55:00Z
5
value 0.0073
scoring_system epss
scoring_elements 0.72611
published_at 2026-04-02T12:55:00Z
6
value 0.0073
scoring_system epss
scoring_elements 0.72628
published_at 2026-04-04T12:55:00Z
7
value 0.0073
scoring_system epss
scoring_elements 0.72605
published_at 2026-04-07T12:55:00Z
8
value 0.0073
scoring_system epss
scoring_elements 0.72644
published_at 2026-04-08T12:55:00Z
9
value 0.0073
scoring_system epss
scoring_elements 0.72656
published_at 2026-04-09T12:55:00Z
10
value 0.0073
scoring_system epss
scoring_elements 0.72679
published_at 2026-04-11T12:55:00Z
11
value 0.0073
scoring_system epss
scoring_elements 0.72662
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-2661
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2661
7
reference_url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
reference_id
reference_type
scores
url https://github.com/rails/rails/commit/71f7917c553cdc9a0ee49e87af0efb7429759718#diff-2ec9993375ecb711e08452788d625581
8
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
reference_id
reference_type
scores
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/OSVDB-82403.yml
9
reference_url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/fc2da6c627fc92df?dmode=source&output=gplain
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-2661
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=827363
reference_id 827363
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=827363
12
reference_url https://github.com/advisories/GHSA-fh39-v733-mxfr
reference_id GHSA-fh39-v733-mxfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh39-v733-mxfr
13
reference_url https://access.redhat.com/errata/RHSA-2012:1542
reference_id RHSA-2012:1542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1542
14
reference_url https://access.redhat.com/errata/RHSA-2013:0154
reference_id RHSA-2013:0154
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0154
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2012-2661, GHSA-fh39-v733-mxfr, OSV-82403
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rq7w-zmh4-17e1
23
url VCID-rqfj-8y7h-eqgm
vulnerability_id VCID-rqfj-8y7h-eqgm
summary 
ActionText ContentAttachment can Contain Unsanitized HTML
Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.

This has been assigned the CVE identifier CVE-2024-32464.


Versions Affected:  >= 7.1.0
Not affected:       < 7.1.0
Fixed Versions:     7.1.3.4

Impact
------
This could lead to a potential cross site scripting issue within the Trix editor.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
N/A

Patches
-------
To aid users who aren't able to upgrade immediately we have provided patches for the supported release series in accordance with our [maintenance policy](https://guides.rubyonrails.org/maintenance_policy.html#security-issues) regarding security issues. They are in git-am format and consist of a single changeset.

* action_text_content_attachment_xss_7_1_stable.patch - Patch for 7.1 series



Credits
-------

Thank you [ooooooo_q](https://hackerone.com/ooooooo_q) for reporting this!
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32464
reference_id
reference_type
scores
0
value 0.0028
scoring_system epss
scoring_elements 0.51354
published_at 2026-04-02T12:55:00Z
1
value 0.0028
scoring_system epss
scoring_elements 0.51393
published_at 2026-04-08T12:55:00Z
2
value 0.0028
scoring_system epss
scoring_elements 0.51339
published_at 2026-04-07T12:55:00Z
3
value 0.0028
scoring_system epss
scoring_elements 0.5138
published_at 2026-04-04T12:55:00Z
4
value 0.0028
scoring_system epss
scoring_elements 0.5143
published_at 2026-04-21T12:55:00Z
5
value 0.0028
scoring_system epss
scoring_elements 0.51451
published_at 2026-04-18T12:55:00Z
6
value 0.0028
scoring_system epss
scoring_elements 0.51443
published_at 2026-04-16T12:55:00Z
7
value 0.0028
scoring_system epss
scoring_elements 0.514
published_at 2026-04-13T12:55:00Z
8
value 0.0028
scoring_system epss
scoring_elements 0.51414
published_at 2026-04-12T12:55:00Z
9
value 0.0028
scoring_system epss
scoring_elements 0.51435
published_at 2026-04-11T12:55:00Z
10
value 0.0028
scoring_system epss
scoring_elements 0.51392
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32464
1
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
2
reference_url https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/
url https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995
3
reference_url https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T19:54:13Z/
url https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-32464.yml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32464
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32464
6
reference_url https://github.com/advisories/GHSA-prjp-h48f-jgf6
reference_id GHSA-prjp-h48f-jgf6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-prjp-h48f-jgf6
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-32464, GHSA-prjp-h48f-jgf6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqfj-8y7h-eqgm
24
url VCID-up42-s1t8-eqa1
vulnerability_id VCID-up42-s1t8-eqa1
summary 
Information disclosure issue in Active Resource
There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8151
reference_id
reference_type
scores
0
value 0.00286
scoring_system epss
scoring_elements 0.52006
published_at 2026-04-01T12:55:00Z
1
value 0.00286
scoring_system epss
scoring_elements 0.52142
published_at 2026-04-21T12:55:00Z
2
value 0.00286
scoring_system epss
scoring_elements 0.5216
published_at 2026-04-18T12:55:00Z
3
value 0.00286
scoring_system epss
scoring_elements 0.52157
published_at 2026-04-16T12:55:00Z
4
value 0.00286
scoring_system epss
scoring_elements 0.52116
published_at 2026-04-13T12:55:00Z
5
value 0.00286
scoring_system epss
scoring_elements 0.52131
published_at 2026-04-12T12:55:00Z
6
value 0.00286
scoring_system epss
scoring_elements 0.52148
published_at 2026-04-11T12:55:00Z
7
value 0.00286
scoring_system epss
scoring_elements 0.52096
published_at 2026-04-09T12:55:00Z
8
value 0.00286
scoring_system epss
scoring_elements 0.521
published_at 2026-04-08T12:55:00Z
9
value 0.00286
scoring_system epss
scoring_elements 0.52046
published_at 2026-04-07T12:55:00Z
10
value 0.00286
scoring_system epss
scoring_elements 0.52081
published_at 2026-04-04T12:55:00Z
11
value 0.00286
scoring_system epss
scoring_elements 0.52054
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8151
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/rails/activeresource
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/activeresource
3
reference_url https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e
4
reference_url https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc
5
reference_url https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8151
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8151
8
reference_url https://github.com/advisories/GHSA-46j2-xjgp-jrfm
reference_id GHSA-46j2-xjgp-jrfm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46j2-xjgp-jrfm
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2020-8151, GHSA-46j2-xjgp-jrfm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-up42-s1t8-eqa1
25
url VCID-uudj-r63z-kban
vulnerability_id VCID-uudj-r63z-kban
summary 
XML Parsing Vulnerability affecting JRuby users
There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. you should upgrade or use one of the work arounds immediately.
references
0
reference_url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
1
reference_url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1856
reference_id
reference_type
scores
0
value 0.00707
scoring_system epss
scoring_elements 0.72205
published_at 2026-04-18T12:55:00Z
1
value 0.00707
scoring_system epss
scoring_elements 0.72196
published_at 2026-04-16T12:55:00Z
2
value 0.00707
scoring_system epss
scoring_elements 0.72155
published_at 2026-04-13T12:55:00Z
3
value 0.00707
scoring_system epss
scoring_elements 0.72169
published_at 2026-04-12T12:55:00Z
4
value 0.00707
scoring_system epss
scoring_elements 0.72184
published_at 2026-04-11T12:55:00Z
5
value 0.00707
scoring_system epss
scoring_elements 0.72162
published_at 2026-04-09T12:55:00Z
6
value 0.00707
scoring_system epss
scoring_elements 0.72136
published_at 2026-04-04T12:55:00Z
7
value 0.00707
scoring_system epss
scoring_elements 0.7219
published_at 2026-04-21T12:55:00Z
8
value 0.00707
scoring_system epss
scoring_elements 0.72114
published_at 2026-04-07T12:55:00Z
9
value 0.00707
scoring_system epss
scoring_elements 0.7211
published_at 2026-04-01T12:55:00Z
10
value 0.00707
scoring_system epss
scoring_elements 0.7215
published_at 2026-04-08T12:55:00Z
11
value 0.00707
scoring_system epss
scoring_elements 0.72116
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1856
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml
5
reference_url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
reference_id
reference_type
scores
url https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
6
reference_url https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/group/rubyonrails-security/msg/6c2482d4ed1545e6?dmode=source&output=gplain
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1856
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1856
8
reference_url http://support.apple.com/kb/HT5784
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://support.apple.com/kb/HT5784
9
reference_url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20130609174600/http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
10
reference_url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20131109010518/http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html
11
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released
12
reference_url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
reference_id
reference_type
scores
url http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
13
reference_url http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
reference_id
reference_type
scores
url http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1856
14
reference_url http://www.openwall.com/lists/oss-security/2013/03/18/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/03/18/4
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*
27
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
59
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*
60
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*
61
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:ruby_on_rails:3.1.11:*:*:*:*:*:*:*
62
reference_url https://github.com/advisories/GHSA-9c2j-593q-3g82
reference_id GHSA-9c2j-593q-3g82
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c2j-593q-3g82
63
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2013-1856, GHSA-9c2j-593q-3g82, OSV-91451
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uudj-r63z-kban
26
url VCID-xxbb-7e3n-9yb3
vulnerability_id VCID-xxbb-7e3n-9yb3
summary 
Cross site scripting in actionpack Rubygem
A cross-site scripting vulnerability flaw was found in the `auto_link` function in Rails before version 3.0.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55742
published_at 2026-04-21T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.55584
published_at 2026-04-01T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.55696
published_at 2026-04-07T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.55718
published_at 2026-04-04T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55747
published_at 2026-04-08T12:55:00Z
5
value 0.00328
scoring_system epss
scoring_elements 0.5575
published_at 2026-04-09T12:55:00Z
6
value 0.00328
scoring_system epss
scoring_elements 0.55759
published_at 2026-04-11T12:55:00Z
7
value 0.00328
scoring_system epss
scoring_elements 0.5574
published_at 2026-04-12T12:55:00Z
8
value 0.00328
scoring_system epss
scoring_elements 0.55722
published_at 2026-04-13T12:55:00Z
9
value 0.00328
scoring_system epss
scoring_elements 0.5576
published_at 2026-04-16T12:55:00Z
10
value 0.00328
scoring_system epss
scoring_elements 0.55764
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
2
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
3
reference_url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
4
reference_url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
5
reference_url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
6
reference_url https://www.openwall.com/lists/oss-security/2011/04/06/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2011/04/06/13
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
reference_id 2015262
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
reference_id CVE-2011-1497
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
reference_id CVE-2011-1497.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
10
reference_url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
reference_id GHSA-q58j-fmvf-9rq6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2011-1497, GHSA-q58j-fmvf-9rq6
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxbb-7e3n-9yb3
27
url VCID-y54w-a8kr-suhy
vulnerability_id VCID-y54w-a8kr-suhy
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.
references
0
reference_url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://groups.google.com/group/rubyonrails-security/msg/4e19864cf6ad40ad?dmode=source&output=gplain
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
reference_id
reference_type
scores
0
value 0.00689
scoring_system epss
scoring_elements 0.718
published_at 2026-04-18T12:55:00Z
1
value 0.00689
scoring_system epss
scoring_elements 0.71795
published_at 2026-04-16T12:55:00Z
2
value 0.00689
scoring_system epss
scoring_elements 0.71752
published_at 2026-04-13T12:55:00Z
3
value 0.00689
scoring_system epss
scoring_elements 0.7177
published_at 2026-04-12T12:55:00Z
4
value 0.00689
scoring_system epss
scoring_elements 0.7175
published_at 2026-04-08T12:55:00Z
5
value 0.00689
scoring_system epss
scoring_elements 0.71783
published_at 2026-04-21T12:55:00Z
6
value 0.00689
scoring_system epss
scoring_elements 0.71762
published_at 2026-04-09T12:55:00Z
7
value 0.00689
scoring_system epss
scoring_elements 0.71712
published_at 2026-04-07T12:55:00Z
8
value 0.00689
scoring_system epss
scoring_elements 0.71786
published_at 2026-04-11T12:55:00Z
9
value 0.00689
scoring_system epss
scoring_elements 0.71719
published_at 2026-04-02T12:55:00Z
10
value 0.00689
scoring_system epss
scoring_elements 0.71738
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-0448
3
reference_url http://secunia.com/advisories/43278
reference_id
reference_type
scores
url http://secunia.com/advisories/43278
4
reference_url http://securitytracker.com/id?1025063
reference_id
reference_type
scores
url http://securitytracker.com/id?1025063
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/354da43ab0a10b3b7b3f9cb0619aa562c3be8474
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-0448.yml
8
reference_url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20201220214809/http://securitytracker.com/id?1025063
9
reference_url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
10
reference_url http://www.vupen.com/english/advisories/2011/0877
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2011/0877
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
reference_id CVE-2011-0448
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-0448
25
reference_url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
reference_id GHSA-jmm9-2p29-vh2w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jmm9-2p29-vh2w
26
reference_url https://security.gentoo.org/glsa/201412-28
reference_id GLSA-201412-28
reference_type
scores
url https://security.gentoo.org/glsa/201412-28
fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2011-0448, GHSA-jmm9-2p29-vh2w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y54w-a8kr-suhy
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie