Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie

Type deb

Namespace debian

Name rails

Version 2:6.0.3.7+dfsg-2+deb11u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:6.0.3.7+dfsg-2+deb11u3

Latest_non_vulnerable_version 2:7.2.3.1+dfsg-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1bxs-yghe-cyck

vulnerability_id VCID-1bxs-yghe-cyck

summary

URL Redirection to Untrusted Site ('Open Redirect')
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22942.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22942

reference_id

reference_type

scores

value	0.00533
scoring_system	epss
scoring_elements	0.67413
published_at	2026-04-16T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67378
published_at	2026-04-13T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67412
published_at	2026-04-12T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67424
published_at	2026-04-11T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67403
published_at	2026-04-09T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.6739
published_at	2026-04-08T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67361
published_at	2026-04-04T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67339
published_at	2026-04-07T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67302
published_at	2026-04-01T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67402
published_at	2026-04-21T12:55:00Z

value	0.00533
scoring_system	epss
scoring_elements	0.67425
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/wB5tRn7h36c

reference_url

https://rubygems.org/gems/actionpack

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/actionpack

reference_url

https://security.netapp.com/advisory/ntap-20240202-0005

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0005

reference_url	https://security.netapp.com/advisory/ntap-20240202-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240202-0005/

reference_url

https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released

reference_url	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/
reference_id
reference_type
scores
url	https://weblog.rubyonrails.org/2021/8/19/Rails-6-0-4-1-and-6-1-4-1-have-been-released/

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/12/14/5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1995940
reference_id	1995940
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1995940

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586
reference_id	992586
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992586

reference_url

https://security.archlinux.org/AVG-2492

reference_id

AVG-2492

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2492

reference_url

https://security.archlinux.org/AVG-2493

reference_id

AVG-2493

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2493

reference_url

https://access.redhat.com/security/cve/cve-2021-22942

reference_id

CVE-2021-22942

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2021-22942

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22942

reference_id

CVE-2021-22942

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22942

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml

reference_id

CVE-2021-22942.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-22942.yml

reference_url

https://github.com/advisories/GHSA-2rqw-v265-jf8c

reference_id

GHSA-2rqw-v265-jf8c

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2rqw-v265-jf8c

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.1%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.1%252Bdfsg-3%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-22942, GHSA-2rqw-v265-jf8c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bxs-yghe-cyck

url VCID-1x8k-t8mr-3fgp

vulnerability_id VCID-1x8k-t8mr-3fgp

summary

URL Redirection to Untrusted Site ('Open Redirect')
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44528.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44528

reference_id

reference_type

scores

value	0.25125
scoring_system	epss
scoring_elements	0.96194
published_at	2026-04-21T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96193
published_at	2026-04-18T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96188
published_at	2026-04-16T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.9618
published_at	2026-04-13T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96178
published_at	2026-04-12T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96175
published_at	2026-04-09T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.9615
published_at	2026-04-02T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96142
published_at	2026-04-01T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96171
published_at	2026-04-08T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96161
published_at	2026-04-07T12:55:00Z

value	0.25125
scoring_system	epss
scoring_elements	0.96158
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/blob/v6.1.4.2/actionpack/CHANGELOG.md#rails-6142-december-14-2021

reference_url

https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815

reference_url

https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2021-44528.yml

reference_url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ

reference_url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/vG9gz3nk1pM/m/7-NU4MNrDAAJ?utm_medium=email&utm_source=footer

reference_url

https://security.netapp.com/advisory/ntap-20240208-0003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240208-0003

reference_url	https://security.netapp.com/advisory/ntap-20240208-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240208-0003/

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817
reference_id	1001817
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001817

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2034266
reference_id	2034266
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2034266

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-44528

reference_id

CVE-2021-44528

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-44528

reference_url

https://github.com/advisories/GHSA-qphc-hf5q-v8fc

reference_id

GHSA-qphc-hf5q-v8fc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qphc-hf5q-v8fc

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2021-44528, GHSA-qphc-hf5q-v8fc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1x8k-t8mr-3fgp

url VCID-63gy-6njy-kbd8

vulnerability_id VCID-63gy-6njy-kbd8

summary

ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch. Specially crafted cookies, in combination with a specially crafted `X_FORWARDED_HOST` header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22792.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22792

reference_id

reference_type

scores

value	0.02264
scoring_system	epss
scoring_elements	0.84652
published_at	2026-04-21T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85729
published_at	2026-04-16T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85707
published_at	2026-04-13T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85711
published_at	2026-04-12T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85715
published_at	2026-04-11T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.8567
published_at	2026-04-07T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85734
published_at	2026-04-18T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85646
published_at	2026-04-02T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85701
published_at	2026-04-09T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85689
published_at	2026-04-08T12:55:00Z

value	0.02639
scoring_system	epss
scoring_elements	0.85663
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22792.yml

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20240202-0007

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0007

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://www.debian.org/security/2023/dsa-5372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164800
reference_id	2164800
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164800

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22792

reference_id

CVE-2023-22792

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22792

reference_url

https://github.com/advisories/GHSA-p84v-45xj-wwqj

reference_id

GHSA-p84v-45xj-wwqj

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p84v-45xj-wwqj

reference_url

https://security.netapp.com/advisory/ntap-20240202-0007/

reference_id

ntap-20240202-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T20:30:13Z/

url

https://security.netapp.com/advisory/ntap-20240202-0007/

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22792, GHSA-p84v-45xj-wwqj, GMS-2023-58

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63gy-6njy-kbd8

url VCID-6ku5-mtgz-zygw

vulnerability_id VCID-6ku5-mtgz-zygw

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22796.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22796

reference_id

reference_type

scores

value	0.01484
scoring_system	epss
scoring_elements	0.81049
published_at	2026-04-21T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82406
published_at	2026-04-02T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82424
published_at	2026-04-04T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.8242
published_at	2026-04-07T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82448
published_at	2026-04-08T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82454
published_at	2026-04-09T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82473
published_at	2026-04-11T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82468
published_at	2026-04-12T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.82463
published_at	2026-04-13T12:55:00Z

value	0.01733
scoring_system	epss
scoring_elements	0.825
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22796

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/

url

https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8

reference_url

https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/a7cda7e6aa5334ab41b1f4b0f671be931be946ef

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164736
reference_id	2164736
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164736

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22796

reference_id

CVE-2023-22796

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22796

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml

reference_id

CVE-2023-22796.YML

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-22796.yml

reference_url

https://github.com/advisories/GHSA-j6gc-792m-qgm2

reference_id

GHSA-j6gc-792m-qgm2

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j6gc-792m-qgm2

reference_url

https://security.netapp.com/advisory/ntap-20240202-0009/

reference_id

ntap-20240202-0009

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-05T21:51:29Z/

url

https://security.netapp.com/advisory/ntap-20240202-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4341
reference_id	RHSA-2023:4341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4341

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22796, GHSA-j6gc-792m-qgm2, GMS-2023-61

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku5-mtgz-zygw

url VCID-ce39-j83r-6ug9

vulnerability_id VCID-ce39-j83r-6ug9

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22577.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-22577

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52126
published_at	2026-04-04T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52204
published_at	2026-04-18T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52201
published_at	2026-04-16T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5216
published_at	2026-04-13T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52175
published_at	2026-04-12T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52192
published_at	2026-04-11T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52141
published_at	2026-04-09T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52145
published_at	2026-04-08T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52091
published_at	2026-04-07T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52099
published_at	2026-04-02T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52527
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec

reference_url

https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508

reference_url

https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8198d7c4accad0b6ba956b9d59528534a289866b

reference_url

https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809

reference_url

https://github.com/rails/rails/pull/44635

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/pull/44635

reference_url

https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/NuFRKaN5swI

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_url

https://security.netapp.com/advisory/ntap-20221118-0002

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0002

reference_url	https://security.netapp.com/advisory/ntap-20221118-0002/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221118-0002/

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941
reference_id	1011941
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011941

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2080302
reference_id	2080302
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2080302

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-22577

reference_id

CVE-2022-22577

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-22577

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml

reference_id

CVE-2022-22577.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-22577.yml

reference_url

https://github.com/advisories/GHSA-mm33-5vfq-3mm3

reference_id

GHSA-mm33-5vfq-3mm3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mm33-5vfq-3mm3

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-22577, GHSA-mm33-5vfq-3mm3, GMS-2022-1137

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ce39-j83r-6ug9

url VCID-drg6-gj1f-h7ea

vulnerability_id VCID-drg6-gj1f-h7ea

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21831.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-21831

reference_id

reference_type

scores

value	0.0142
scoring_system	epss
scoring_elements	0.8062
published_at	2026-04-21T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80616
published_at	2026-04-18T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80614
published_at	2026-04-16T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80585
published_at	2026-04-13T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80592
published_at	2026-04-12T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80589
published_at	2026-04-09T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80579
published_at	2026-04-08T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.8055
published_at	2026-04-07T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80559
published_at	2026-04-04T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80537
published_at	2026-04-02T12:55:00Z

value	0.0142
scoring_system	epss
scoring_elements	0.80606
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml

reference_url

https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubysec.com/advisories/CVE-2022-21831

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://rubysec.com/advisories/CVE-2022-21831

reference_url

https://security.netapp.com/advisory/ntap-20221118-0001

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20221118-0001

reference_url	https://security.netapp.com/advisory/ntap-20221118-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20221118-0001/

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940
reference_id	1011940
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011940

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2064747
reference_id	2064747
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2064747

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-21831

reference_id

CVE-2022-21831

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-21831

reference_url	https://rubysec.com/advisories/CVE-2022-21831/
reference_id	CVE-2022-21831
reference_type
scores
url	https://rubysec.com/advisories/CVE-2022-21831/

reference_url

https://github.com/advisories/GHSA-w749-p3v6-hccq

reference_id

GHSA-w749-p3v6-hccq

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-w749-p3v6-hccq

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.7%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.7%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-21831, GHSA-w749-p3v6-hccq, GMS-2022-301

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drg6-gj1f-h7ea

url VCID-hppf-a715-r7b2

vulnerability_id VCID-hppf-a715-r7b2

summary

ReDoS based DoS vulnerability in Action Dispatch
There is a possible regular expression based DoS vulnerability in Action Dispatch related to the If-None-Match header. This vulnerability has been assigned the CVE identifier CVE-2023-22795. A specially crafted HTTP `If-None-Match` header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22795.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22795

reference_id

reference_type

scores

value	0.01304
scoring_system	epss
scoring_elements	0.79782
published_at	2026-04-21T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81303
published_at	2026-04-16T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81266
published_at	2026-04-13T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81274
published_at	2026-04-12T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81288
published_at	2026-04-11T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81267
published_at	2026-04-09T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81262
published_at	2026-04-08T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81234
published_at	2026-04-07T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.81305
published_at	2026-04-18T12:55:00Z

value	0.01523
scoring_system	epss
scoring_elements	0.8121
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8d82687f3b04b2803320b64f985308239a8c3d2f

reference_url

https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/8dc45950619a4c64d16fb9370570c996d201f9b0

reference_url

https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/cd461c3e64e09cdcb1e379d1c35423c5e2caa592

reference_url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v6.1.7.1

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-22795.yml

reference_url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164799
reference_id	2164799
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164799

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22795

reference_id

CVE-2023-22795

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22795

reference_url

https://github.com/advisories/GHSA-8xww-x3g3-6jcv

reference_id

GHSA-8xww-x3g3-6jcv

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8xww-x3g3-6jcv

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22795, GHSA-8xww-x3g3-6jcv, GMS-2023-56

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hppf-a715-r7b2

url VCID-jwun-grgg-2uet

vulnerability_id VCID-jwun-grgg-2uet

summary

Exposure of information in Action Pack
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23633.json

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23634.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_id

reference_type

scores

value	0.00303
scoring_system	epss
scoring_elements	0.53606
published_at	2026-04-21T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58667
published_at	2026-04-12T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58687
published_at	2026-04-11T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5868
published_at	2026-04-16T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58623
published_at	2026-04-02T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58643
published_at	2026-04-04T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.5861
published_at	2026-04-07T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58669
published_at	2026-04-09T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58662
published_at	2026-04-08T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58648
published_at	2026-04-13T12:55:00Z

value	0.00367
scoring_system	epss
scoring_elements	0.58685
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23633

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23634

reference_id

reference_type

scores

value	0.00441
scoring_system	epss
scoring_elements	0.63284
published_at	2026-04-11T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63256
published_at	2026-04-21T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63277
published_at	2026-04-18T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.6327
published_at	2026-04-16T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63233
published_at	2026-04-13T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63269
published_at	2026-04-12T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63267
published_at	2026-04-09T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.6325
published_at	2026-04-08T12:55:00Z

value	0.00441
scoring_system	epss
scoring_elements	0.63198
published_at	2026-04-07T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63763
published_at	2026-04-02T12:55:00Z

value	0.00453
scoring_system	epss
scoring_elements	0.63789
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23634

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-23633-possible-exposure-of-information-vulnerability-in-action-pack/80016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/f9a2ad03943d5c2ba54e1d45f155442b519c75da

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2022-23633.yml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-23634.yml

reference_url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ

reference_url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1

reference_url

https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/

reference_url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/2/11/Rails-7-0-2-2-6-1-4-6-6-0-4-6-and-5-2-6-2-have-been-released

reference_url

https://security.gentoo.org/glsa/202208-28

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-28

reference_url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240119-0013

reference_url	https://security.netapp.com/advisory/ntap-20240119-0013/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240119-0013/

reference_url

https://www.debian.org/security/2022/dsa-5146

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2022/dsa-5146

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2022/02/11/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389
reference_id	1005389
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005389

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391
reference_id	1005391
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005391

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2054211
reference_id	2054211
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2054211

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2063149
reference_id	2063149
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2063149

reference_url

https://security.archlinux.org/AVG-2764

reference_id

AVG-2764

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2764

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_id

CVE-2022-23633

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23633

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23634

reference_id

CVE-2022-23634

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23634

reference_url

https://github.com/advisories/GHSA-rmj8-8hhh-gv5h

reference_id

GHSA-rmj8-8hhh-gv5h

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rmj8-8hhh-gv5h

reference_url

https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

reference_id

GHSA-rmj8-8hhh-gv5h

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

reference_url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	8.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-wh98-p28r-vrc9

reference_url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

reference_id

GHSA-wh98-p28r-vrc9

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/security/advisories/GHSA-wh98-p28r-vrc9

reference_url	https://access.redhat.com/errata/RHSA-2022:5498
reference_id	RHSA-2022:5498
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5498

reference_url	https://usn.ubuntu.com/6682-1/
reference_id	USN-6682-1
reference_type
scores
url	https://usn.ubuntu.com/6682-1/

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.4.6%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-23633, CVE-2022-23634, GHSA-rmj8-8hhh-gv5h, GHSA-wh98-p28r-vrc9

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwun-grgg-2uet

url VCID-p5mc-r1rg-5ff7

vulnerability_id VCID-p5mc-r1rg-5ff7

summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27777.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27777

reference_id

reference_type

scores

value	0.00911
scoring_system	epss
scoring_elements	0.75768
published_at	2026-04-02T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75849
published_at	2026-04-21T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75864
published_at	2026-04-18T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.7586
published_at	2026-04-16T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75823
published_at	2026-04-13T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75829
published_at	2026-04-12T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75848
published_at	2026-04-11T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75801
published_at	2026-04-04T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75824
published_at	2026-04-09T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.7578
published_at	2026-04-07T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75812
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/649516ce0feb699ae06a8c5e81df75d460cc9a85

reference_url

https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

reference_url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html

reference_url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982
reference_id	1016982
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016982

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2080296
reference_id	2080296
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2080296

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-27777

reference_id

CVE-2022-27777

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-27777

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml

reference_id

CVE-2022-27777.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2022-27777.yml

reference_url

https://github.com/advisories/GHSA-ch3h-j2vf-95pv

reference_id

GHSA-ch3h-j2vf-95pv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-ch3h-j2vf-95pv

reference_url	https://access.redhat.com/errata/RHSA-2023:2097
reference_id	RHSA-2023:2097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2097

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.6.1%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2022-27777, GHSA-ch3h-j2vf-95pv, GMS-2022-1138

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5mc-r1rg-5ff7

url VCID-t9yh-ss8z-e3cb

vulnerability_id VCID-t9yh-ss8z-e3cb

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-22794.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_id

reference_type

scores

value	0.05757
scoring_system	epss
scoring_elements	0.90477
published_at	2026-04-21T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.9124
published_at	2026-04-16T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91216
published_at	2026-04-13T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.9117
published_at	2026-04-02T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91239
published_at	2026-04-18T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91186
published_at	2026-04-07T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91179
published_at	2026-04-04T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91213
published_at	2026-04-11T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.91206
published_at	2026-04-09T12:55:00Z

value	0.06659
scoring_system	epss
scoring_elements	0.912
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22942

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44528

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21831

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22577

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27777

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22794

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22795

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22796

reference_url

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117

reference_url

https://github.com/rails/rails

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails

reference_url

https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de

reference_url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/releases/tag/v7.0.4.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml

reference_url

https://security.netapp.com/advisory/ntap-20240202-0008

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240202-0008

reference_url	https://security.netapp.com/advisory/ntap-20240202-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20240202-0008/

reference_url

https://www.debian.org/security/2023/dsa-5372

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2023/dsa-5372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id	1030050
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164785
reference_id	2164785
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164785

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_id

CVE-2023-22794

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-22794

reference_url

https://github.com/advisories/GHSA-hq7p-j377-6v63

reference_id

GHSA-hq7p-j377-6v63

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hq7p-j377-6v63

reference_url	https://access.redhat.com/errata/RHSA-2023:6818
reference_id	RHSA-2023:6818
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6818

fixed_packages

url	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
purl	pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie

url	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie

url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie

url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4tzv-1t1b-t3g3

vulnerability	VCID-5tky-d2en-u7c7

vulnerability	VCID-96qr-hdbp-p7ff

vulnerability	VCID-a6z9-5n6k-2kak

vulnerability	VCID-ad6q-vtdf-syb6

vulnerability	VCID-hatd-vkun-13hj

vulnerability	VCID-qxe4-dubt-1kfp

vulnerability	VCID-sarm-n22v-akcm

vulnerability	VCID-wpmk-wgpm-cuee

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie

url	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie

aliases CVE-2023-22794, GHSA-hq7p-j377-6v63, GMS-2023-60

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9yh-ss8z-e3cb

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u1%3Fdistro=trixie

Package Instance