Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/rails@2.3.14?distro=trixie

Type deb

Namespace debian

Name rails

Version 2.3.14

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.3.14.1

Latest_non_vulnerable_version 2:7.2.3.1+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1rgy-k7a9-m7au

vulnerability_id VCID-1rgy-k7a9-m7au

summary

XSS via posted select tag options
Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_id

reference_type

scores

value	0.00399
scoring_system	epss
scoring_elements	0.60704
published_at	2026-04-21T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60616
published_at	2026-04-07T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60645
published_at	2026-04-04T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60665
published_at	2026-04-08T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.6068
published_at	2026-04-09T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60705
published_at	2026-04-11T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60691
published_at	2026-04-12T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60671
published_at	2026-04-13T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60713
published_at	2026-04-16T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60719
published_at	2026-04-18T12:55:00Z

value	0.00399
scoring_system	epss
scoring_elements	0.60541
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1099

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799276

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1099

reference_url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-2xjj-5x6h-8vmf

reference_url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/9435f5a479317458c558ae743b7d876dd5a5db20

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-79727.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1099

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.debian.org/security/2012/dsa-2466

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2012/dsa-2466

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-1099, GHSA-2xjj-5x6h-8vmf, OSV-79727

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgy-k7a9-m7au

url VCID-43f3-rxwm-fkgv

vulnerability_id VCID-43f3-rxwm-fkgv

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74208
published_at	2026-04-01T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74295
published_at	2026-04-21T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74303
published_at	2026-04-18T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74293
published_at	2026-04-16T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7424
published_at	2026-04-04T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74214
published_at	2026-04-02T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74256
published_at	2026-04-13T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74263
published_at	2026-04-12T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-11T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7426
published_at	2026-04-09T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74246
published_at	2026-04-08T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74213
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2932

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731435

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2932

reference_url	http://secunia.com/advisories/45917
reference_id
reference_type
scores
url	http://secunia.com/advisories/45917

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_id

CVE-2011-2932

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2932

reference_url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_id

GHSA-9fh3-vh3h-q4g3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9fh3-vh3h-q4g3

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2932, GHSA-9fh3-vh3h-q4g3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-43f3-rxwm-fkgv

url VCID-4cky-r218-dkbb

vulnerability_id VCID-4cky-r218-dkbb

summary

activerecord vulnerable to SQL Injection
Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_id

reference_type

scores

value	0.00955
scoring_system	epss
scoring_elements	0.76471
published_at	2026-04-18T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76467
published_at	2026-04-16T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76366
published_at	2026-04-01T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76457
published_at	2026-04-21T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76399
published_at	2026-04-04T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76369
published_at	2026-04-02T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76425
published_at	2026-04-13T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76431
published_at	2026-04-12T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76453
published_at	2026-04-11T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76427
published_at	2026-04-09T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76414
published_at	2026-04-08T12:55:00Z

value	0.00955
scoring_system	epss
scoring_elements	0.76381
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2930

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731438

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.debian.org/security/2011/dsa-2301

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2301

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_id

CVE-2011-2930

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2930

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_id

CVE-2011-2930.YML

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml

reference_url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_id

GHSA-h6w6-xmqv-7q78

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h6w6-xmqv-7q78

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2930, GHSA-h6w6-xmqv-7q78

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4cky-r218-dkbb

url VCID-knsd-pv15-tydx

vulnerability_id VCID-knsd-pv15-tydx

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/fd41ab62966e0fd1?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-2931

reference_id

reference_type

scores

value	0.00813
scoring_system	epss
scoring_elements	0.74295
published_at	2026-04-21T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74208
published_at	2026-04-01T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74214
published_at	2026-04-02T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7424
published_at	2026-04-04T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74213
published_at	2026-04-07T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74246
published_at	2026-04-08T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.7426
published_at	2026-04-09T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-11T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74263
published_at	2026-04-12T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74256
published_at	2026-04-13T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74293
published_at	2026-04-16T12:55:00Z

value	0.00813
scoring_system	epss
scoring_elements	0.74303
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-2931

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=731436

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=731436

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2931

reference_url	http://secunia.com/advisories/45921
reference_id
reference_type
scores
url	http://secunia.com/advisories/45921

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-2931.yml

reference_url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6

reference_url

http://www.debian.org/security/2011/dsa-2301

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2301

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-2931

reference_id

CVE-2011-2931

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-2931

reference_url

https://github.com/advisories/GHSA-v5jg-558j-q67c

reference_id

GHSA-v5jg-558j-q67c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-v5jg-558j-q67c

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-2931, GHSA-v5jg-558j-q67c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-knsd-pv15-tydx

url VCID-kr1b-uct1-7kf6

vulnerability_id VCID-kr1b-uct1-7kf6

summary

Response Splitting Vulnerability in Ruby on Rails
A response splitting flaw can allow a remote attacker to inject arbitrary HTTP headers into a response due to insufficient sanitization of the values provided for response content types.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/bbe342e43abaa78c?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3186

reference_id

reference_type

scores

value	0.00814
scoring_system	epss
scoring_elements	0.7432
published_at	2026-04-18T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74311
published_at	2026-04-16T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74274
published_at	2026-04-13T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74282
published_at	2026-04-12T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74301
published_at	2026-04-11T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74312
published_at	2026-04-21T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.7428
published_at	2026-04-09T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74265
published_at	2026-04-08T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74259
published_at	2026-04-04T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74232
published_at	2026-04-07T12:55:00Z

value	0.00814
scoring_system	epss
scoring_elements	0.74228
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3186

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=732156

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=732156

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3186

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

reference_url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9#diff-62558f372a46058cbab9309494d0fbb1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-3186.yml

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/OSVDB-74616.yml

reference_url

https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!topic/rubyonrails-security/b_yTveAph2g

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2011-3186

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2011-3186

reference_url

https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150201000000*/http://secunia.com/advisories/45921

reference_url

http://www.debian.org/security/2011/dsa-2301

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2011/dsa-2301

reference_url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/17/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/19/11

reference_url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/20/1

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/13

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/14

reference_url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2011/08/22/5

reference_url

https://github.com/advisories/GHSA-fcqf-h4h4-695m

reference_id

GHSA-fcqf-h4h4-695m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fcqf-h4h4-695m

reference_url	https://security.gentoo.org/glsa/201412-28
reference_id	GLSA-201412-28
reference_type
scores
url	https://security.gentoo.org/glsa/201412-28

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2011-3186, GHSA-fcqf-h4h4-695m, OSV-74616

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kr1b-uct1-7kf6

url VCID-va9q-fjn6-yqee

vulnerability_id VCID-va9q-fjn6-yqee

summary

Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

references

reference_url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59334
published_at	2026-04-21T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59329
published_at	2026-04-09T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59348
published_at	2026-04-11T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59332
published_at	2026-04-12T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59314
published_at	2026-04-13T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59347
published_at	2026-04-16T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59353
published_at	2026-04-18T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59204
published_at	2026-04-01T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59278
published_at	2026-04-02T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59302
published_at	2026-04-04T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59266
published_at	2026-04-07T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59316
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1098

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=799275

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1098

reference_url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9
reference_id
reference_type
scores
url	https://github.com/rails/rails/commit/c60c1c0812d5eb55e7024db350f8bc5b6729f7fe#diff-6156f8cec254c1236b4a4eceb04df3d9

reference_url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml
reference_id
reference_type
scores
url	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/OSVDB-79726.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-1098

reference_url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

reference_url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/02/6

reference_url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/03/03/1

reference_url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

reference_id

GHSA-qv8p-v9qw-wc7g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qv8p-v9qw-wc7g

fixed_packages

url	pkg:deb/debian/rails@2.3.14?distro=trixie
purl	pkg:deb/debian/rails@2.3.14?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2012-1098, GHSA-qv8p-v9qw-wc7g, OSV-79726

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-va9q-fjn6-yqee

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.14%3Fdistro=trixie

Package Instance