Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
Typedeb
Namespacedebian
Namerails
Version2:6.0.3.7+dfsg-2+deb11u3
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2:6.0.3.7+dfsg-2+deb11u4
Latest_non_vulnerable_version2:7.2.3.1+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-3hur-esmy-x3hr
vulnerability_id VCID-3hur-esmy-x3hr
summary 
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888.

Impact
------

Carefully crafted text can cause the plain_text_for_blockquote_node helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users can avoid calling `plain_text_for_blockquote_node` or upgrade to Ruby 3.2

Credits
-------

Thanks to [ooooooo_q](https://hackerone.com/ooooooo_q) for the report!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47888.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47888
reference_id
reference_type
scores
0
value 0.00517
scoring_system epss
scoring_elements 0.66719
published_at 2026-04-21T12:55:00Z
1
value 0.00517
scoring_system epss
scoring_elements 0.66734
published_at 2026-04-18T12:55:00Z
2
value 0.00517
scoring_system epss
scoring_elements 0.66721
published_at 2026-04-16T12:55:00Z
3
value 0.00517
scoring_system epss
scoring_elements 0.66687
published_at 2026-04-13T12:55:00Z
4
value 0.00517
scoring_system epss
scoring_elements 0.66717
published_at 2026-04-12T12:55:00Z
5
value 0.00517
scoring_system epss
scoring_elements 0.6673
published_at 2026-04-11T12:55:00Z
6
value 0.00517
scoring_system epss
scoring_elements 0.66646
published_at 2026-04-07T12:55:00Z
7
value 0.00517
scoring_system epss
scoring_elements 0.66695
published_at 2026-04-08T12:55:00Z
8
value 0.00517
scoring_system epss
scoring_elements 0.66672
published_at 2026-04-04T12:55:00Z
9
value 0.00517
scoring_system epss
scoring_elements 0.6671
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47888
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47888
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/security/advisories/GHSA-wwhv-wxv9-rpgw
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actiontext/CVE-2024-47888.yml
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319035
reference_id 2319035
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319035
9
reference_url https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
reference_id 4f4312b21a6448336de7c7ab0c4d94b378def468
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/4f4312b21a6448336de7c7ab0c4d94b378def468
10
reference_url https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822
reference_id 727b0946c3cab04b825c039435eac963d4e91822
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/727b0946c3cab04b825c039435eac963d4e91822
11
reference_url https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
reference_id ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/ba286c0a310b7f19cf5cac2a7a4c9def5cf9882e
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47888
reference_id CVE-2024-47888
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47888
13
reference_url https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
reference_id de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-16T20:45:54Z/
url https://github.com/rails/rails/commit/de0df7caebd9cb238a6f10dca462dc5f8d5e98b5
14
reference_url https://github.com/advisories/GHSA-wwhv-wxv9-rpgw
reference_id GHSA-wwhv-wxv9-rpgw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwhv-wxv9-rpgw
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-47888, GHSA-wwhv-wxv9-rpgw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hur-esmy-x3hr
1
url VCID-6pxd-xsaw-tuer
vulnerability_id VCID-6pxd-xsaw-tuer
summary 
Active Support Possibly Discloses Locally Encrypted Files
There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037.

Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38037.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38037
reference_id
reference_type
scores
0
value 0.00076
scoring_system epss
scoring_elements 0.2277
published_at 2026-04-21T12:55:00Z
1
value 0.00076
scoring_system epss
scoring_elements 0.2281
published_at 2026-04-18T12:55:00Z
2
value 0.00076
scoring_system epss
scoring_elements 0.22816
published_at 2026-04-16T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22803
published_at 2026-04-13T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22911
published_at 2026-04-02T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.22859
published_at 2026-04-12T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22896
published_at 2026-04-11T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22876
published_at 2026-04-09T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22823
published_at 2026-04-08T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22747
published_at 2026-04-07T12:55:00Z
10
value 0.00076
scoring_system epss
scoring_elements 0.22954
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38037
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38037
3
reference_url https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:35:42Z/
url https://discuss.rubyonrails.org/t/cve-2023-38037-possible-file-disclosure-of-locally-encrypted-files/83544
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731
6
reference_url https://github.com/rails/rails/releases/tag/v7.0.7.1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements
1
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.7.1
7
reference_url https://security.netapp.com/advisory/ntap-20250214-0010
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250214-0010
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057
reference_id 1051057
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051057
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2236261
reference_id 2236261
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2236261
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38037
reference_id CVE-2023-38037
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38037
11
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
reference_id CVE-2023-38037.YML
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml
12
reference_url https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
reference_id GHSA-cr5q-6q9f-rq6q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cr5q-6q9f-rq6q
13
reference_url https://access.redhat.com/errata/RHSA-2023:7720
reference_id RHSA-2023:7720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7720
14
reference_url https://access.redhat.com/errata/RHSA-2024:0268
reference_id RHSA-2024:0268
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0268
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2023-38037, GHSA-cr5q-6q9f-rq6q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6pxd-xsaw-tuer
2
url VCID-dd9p-x7k3-37ea
vulnerability_id VCID-dd9p-x7k3-37ea
summary 
Actionpack has possible cross-site scripting vulnerability via User Supplied Values to redirect_to
The `redirect_to` method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. This vulnerability has been assigned the CVE identifier CVE-2023-28362.

Versions Affected: All. Not affected: None Fixed Versions: 7.0.5.1, 6.1.7.4
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28362.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28362
reference_id
reference_type
scores
0
value 0.00224
scoring_system epss
scoring_elements 0.4516
published_at 2026-04-21T12:55:00Z
1
value 0.00224
scoring_system epss
scoring_elements 0.45208
published_at 2026-04-18T12:55:00Z
2
value 0.00224
scoring_system epss
scoring_elements 0.45215
published_at 2026-04-16T12:55:00Z
3
value 0.00224
scoring_system epss
scoring_elements 0.45164
published_at 2026-04-13T12:55:00Z
4
value 0.00224
scoring_system epss
scoring_elements 0.45162
published_at 2026-04-12T12:55:00Z
5
value 0.00224
scoring_system epss
scoring_elements 0.45194
published_at 2026-04-11T12:55:00Z
6
value 0.00224
scoring_system epss
scoring_elements 0.45173
published_at 2026-04-08T12:55:00Z
7
value 0.00224
scoring_system epss
scoring_elements 0.45155
published_at 2026-04-02T12:55:00Z
8
value 0.00224
scoring_system epss
scoring_elements 0.45174
published_at 2026-04-09T12:55:00Z
9
value 0.00224
scoring_system epss
scoring_elements 0.4512
published_at 2026-04-07T12:55:00Z
10
value 0.00224
scoring_system epss
scoring_elements 0.45177
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28362
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28362
3
reference_url https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements
1
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
6
reference_url https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
7
reference_url https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
8
reference_url https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/c9ab9b32bcdcfd8bcd55907f6c7b20b4e004cc23
9
reference_url https://security.netapp.com/advisory/ntap-20250502-0009
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250502-0009
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
reference_id 1051058
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051058
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2217785
reference_id 2217785
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2217785
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28362
reference_id CVE-2023-28362
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28362
13
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
reference_id CVE-2023-28362.YML
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2023-28362.yml
14
reference_url https://github.com/advisories/GHSA-4g8v-vg43-wpgf
reference_id GHSA-4g8v-vg43-wpgf
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T21:26:42Z/
url https://github.com/advisories/GHSA-4g8v-vg43-wpgf
15
reference_url https://access.redhat.com/errata/RHSA-2023:7851
reference_id RHSA-2023:7851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7851
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2023-28362, GHSA-4g8v-vg43-wpgf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dd9p-x7k3-37ea
3
url VCID-g3rk-djae-pkeh
vulnerability_id VCID-g3rk-djae-pkeh
summary 
Possible Content Security Policy bypass in Action Dispatch
There is a possible Cross Site Scripting (XSS) vulnerability  in the `content_security_policy` helper in Action Pack.

Impact
------
Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input.

Credits
-------
Thanks to [ryotak](https://hackerone.com/ryotak) for the report!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-54133.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-54133
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.31466
published_at 2026-04-04T12:55:00Z
1
value 0.00122
scoring_system epss
scoring_elements 0.31424
published_at 2026-04-02T12:55:00Z
2
value 0.0019
scoring_system epss
scoring_elements 0.40787
published_at 2026-04-21T12:55:00Z
3
value 0.0019
scoring_system epss
scoring_elements 0.40834
published_at 2026-04-07T12:55:00Z
4
value 0.0019
scoring_system epss
scoring_elements 0.40883
published_at 2026-04-08T12:55:00Z
5
value 0.0019
scoring_system epss
scoring_elements 0.4089
published_at 2026-04-09T12:55:00Z
6
value 0.0019
scoring_system epss
scoring_elements 0.40906
published_at 2026-04-11T12:55:00Z
7
value 0.0019
scoring_system epss
scoring_elements 0.40871
published_at 2026-04-12T12:55:00Z
8
value 0.0019
scoring_system epss
scoring_elements 0.40852
published_at 2026-04-13T12:55:00Z
9
value 0.0019
scoring_system epss
scoring_elements 0.40895
published_at 2026-04-16T12:55:00Z
10
value 0.0019
scoring_system epss
scoring_elements 0.40865
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-54133
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54133
3
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
4
reference_url https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/2e3f41e4538b9ca1044357f6644f037bbb7c6c49
5
reference_url https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/3da2479cfe1e00177114b17e496213c40d286b3a
6
reference_url https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/5558e72f22fc69c1c407b31ac5fb3b4ce087b542
7
reference_url https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/commit/cb16a3bb515b5d769f73926d9757270ace691f1d
8
reference_url https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-11T16:05:59Z/
url https://github.com/rails/rails/security/advisories/GHSA-vfm5-rmrh-j26v
9
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-54133.yml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-54133
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-54133
11
reference_url https://security.netapp.com/advisory/ntap-20250306-0010
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250306-0010
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
reference_id 1089755
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089755
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2331619
reference_id 2331619
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2331619
14
reference_url https://github.com/advisories/GHSA-vfm5-rmrh-j26v
reference_id GHSA-vfm5-rmrh-j26v
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfm5-rmrh-j26v
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-54133, GHSA-vfm5-rmrh-j26v
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3rk-djae-pkeh
4
url VCID-sfyc-jewr-wuf5
vulnerability_id VCID-sfyc-jewr-wuf5
summary 
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
There is a possible ReDoS vulnerability in Action Controller's HTTP Token authentication. This vulnerability has been assigned the CVE identifier CVE-2024-47887.

Impact
------

For applications using HTTP Token authentication via `authenticate_or_request_with_http_token` or similar, a carefully crafted header may cause header parsing to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.

Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.


Credits
-------
Thanks to [scyoon](https://hackerone.com/scyoon) for reporting
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47887.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47887
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.5296
published_at 2026-04-21T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.5287
published_at 2026-04-07T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.52976
published_at 2026-04-18T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.5297
published_at 2026-04-16T12:55:00Z
4
value 0.00296
scoring_system epss
scoring_elements 0.52932
published_at 2026-04-13T12:55:00Z
5
value 0.00296
scoring_system epss
scoring_elements 0.52948
published_at 2026-04-12T12:55:00Z
6
value 0.00296
scoring_system epss
scoring_elements 0.52964
published_at 2026-04-11T12:55:00Z
7
value 0.00296
scoring_system epss
scoring_elements 0.52914
published_at 2026-04-09T12:55:00Z
8
value 0.00296
scoring_system epss
scoring_elements 0.5292
published_at 2026-04-08T12:55:00Z
9
value 0.00296
scoring_system epss
scoring_elements 0.52876
published_at 2026-04-02T12:55:00Z
10
value 0.00296
scoring_system epss
scoring_elements 0.52901
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47887
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47887
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/security/advisories/GHSA-vfg9-r3fq-jvx4
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-47887.yml
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319034
reference_id 2319034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319034
9
reference_url https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
reference_id 56b2fc3302836405b496e196a8d5fc0195e55049
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/56b2fc3302836405b496e196a8d5fc0195e55049
10
reference_url https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
reference_id 7c1398854d51f9bb193fb79f226647351133d08a
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/7c1398854d51f9bb193fb79f226647351133d08a
11
reference_url https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
reference_id 8e057db25bff1dc7a98e9ae72e0083825b9ac545
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/8e057db25bff1dc7a98e9ae72e0083825b9ac545
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47887
reference_id CVE-2024-47887
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47887
13
reference_url https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
reference_id f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:34:50Z/
url https://github.com/rails/rails/commit/f4dc83d8926509d0958ec21fcdbc2e7df3d32ce2
14
reference_url https://github.com/advisories/GHSA-vfg9-r3fq-jvx4
reference_id GHSA-vfg9-r3fq-jvx4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vfg9-r3fq-jvx4
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-47887, GHSA-vfg9-r3fq-jvx4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfyc-jewr-wuf5
5
url VCID-sgdb-985e-4uej
vulnerability_id VCID-sgdb-985e-4uej
summary 
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
There is a possible ReDoS vulnerability in the query parameter filtering routines of Action Dispatch. This vulnerability has been assigned the CVE identifier CVE-2024-41128.

Impact
------

Carefully crafted query parameters can cause query parameter filtering to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 depends on Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users on Ruby 3.2 are unaffected by this issue.


Credits
-------

Thanks to [scyoon](https://hackerone.com/scyoon) for the report and patches!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41128.json
1
reference_url https://access.redhat.com/security/cve/cve-2024-41128
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://access.redhat.com/security/cve/cve-2024-41128
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41128
reference_id
reference_type
scores
0
value 0.00605
scoring_system epss
scoring_elements 0.69632
published_at 2026-04-12T12:55:00Z
1
value 0.00605
scoring_system epss
scoring_elements 0.69647
published_at 2026-04-11T12:55:00Z
2
value 0.00605
scoring_system epss
scoring_elements 0.69624
published_at 2026-04-09T12:55:00Z
3
value 0.00605
scoring_system epss
scoring_elements 0.69608
published_at 2026-04-08T12:55:00Z
4
value 0.00605
scoring_system epss
scoring_elements 0.69557
published_at 2026-04-07T12:55:00Z
5
value 0.00605
scoring_system epss
scoring_elements 0.69578
published_at 2026-04-04T12:55:00Z
6
value 0.00605
scoring_system epss
scoring_elements 0.69666
published_at 2026-04-18T12:55:00Z
7
value 0.00605
scoring_system epss
scoring_elements 0.69618
published_at 2026-04-13T12:55:00Z
8
value 0.00605
scoring_system epss
scoring_elements 0.69562
published_at 2026-04-02T12:55:00Z
9
value 0.00605
scoring_system epss
scoring_elements 0.69648
published_at 2026-04-21T12:55:00Z
10
value 0.00605
scoring_system epss
scoring_elements 0.69657
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41128
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319036
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2319036
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41128
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/27121e80f6dbb260f5a9f0452cd8411cb681f075
8
reference_url https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/b0fe99fa854ec8ff4498e75779b458392d1560ef
9
reference_url https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/b1241f468d1b32235f438c2e2203386e6efd3891
10
reference_url https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/commit/fb493bebae1a9b83e494fe7edbf01f6167d606fd
11
reference_url https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T17:09:25Z/
url https://github.com/rails/rails/security/advisories/GHSA-x76w-6vjr-8xgj
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-41128.yml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41128
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41128
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
15
reference_url https://github.com/advisories/GHSA-x76w-6vjr-8xgj
reference_id GHSA-x76w-6vjr-8xgj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x76w-6vjr-8xgj
16
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-41128, GHSA-x76w-6vjr-8xgj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sgdb-985e-4uej
6
url VCID-sygb-mygd-s3gb
vulnerability_id VCID-sygb-mygd-s3gb
summary 
Duplicate
This advisory duplicates another.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-44566.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-44566
reference_id
reference_type
scores
0
value 0.02076
scoring_system epss
scoring_elements 0.83996
published_at 2026-04-21T12:55:00Z
1
value 0.02421
scoring_system epss
scoring_elements 0.8515
published_at 2026-04-16T12:55:00Z
2
value 0.02421
scoring_system epss
scoring_elements 0.85129
published_at 2026-04-13T12:55:00Z
3
value 0.02421
scoring_system epss
scoring_elements 0.85132
published_at 2026-04-12T12:55:00Z
4
value 0.02421
scoring_system epss
scoring_elements 0.85134
published_at 2026-04-11T12:55:00Z
5
value 0.02421
scoring_system epss
scoring_elements 0.8512
published_at 2026-04-09T12:55:00Z
6
value 0.02421
scoring_system epss
scoring_elements 0.85091
published_at 2026-04-07T12:55:00Z
7
value 0.02421
scoring_system epss
scoring_elements 0.85153
published_at 2026-04-18T12:55:00Z
8
value 0.02421
scoring_system epss
scoring_elements 0.8507
published_at 2026-04-02T12:55:00Z
9
value 0.02421
scoring_system epss
scoring_elements 0.85113
published_at 2026-04-08T12:55:00Z
10
value 0.02421
scoring_system epss
scoring_elements 0.85087
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-44566
2
reference_url https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/
url https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44566
4
reference_url https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-25T13:43:31Z/
url https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
7
reference_url https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
8
reference_url https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/82bcdc011e2ff674e7dd8fd8cee3a831c908d29b
9
reference_url https://github.com/rails/rails/releases/tag/v6.1.7.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v6.1.7.1
10
reference_url https://github.com/rails/rails/releases/tag/v7.0.4.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/releases/tag/v7.0.4.1
11
reference_url https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://mailchi.mp/railslts/rails-lts-multiple-dos-vulnerabilities-in-rails-rack-and-globalid
12
reference_url https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://makandracards.com/railslts/508019-rails-5-2-lts-changelog#section-jan-20th-2023-rails-version-5-2-8-15
13
reference_url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubyonrails.org/2023/1/17/Rails-Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
reference_id 1030050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030050
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2164789
reference_id 2164789
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2164789
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-44566
reference_id CVE-2022-44566
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-44566
17
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
reference_id CVE-2022-44566.YML
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-44566.yml
18
reference_url https://github.com/advisories/GHSA-579w-22j4-4749
reference_id GHSA-579w-22j4-4749
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-579w-22j4-4749
19
reference_url https://access.redhat.com/errata/RHSA-2023:6818
reference_id RHSA-2023:6818
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6818
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.3%252Bdfsg-1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2022-44566, GHSA-579w-22j4-4749, GMS-2023-59
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sygb-mygd-s3gb
7
url VCID-yy6t-ybeu-qycc
vulnerability_id VCID-yy6t-ybeu-qycc
summary 
Possible ReDoS vulnerability in block_format in Action Mailer
There is a possible ReDoS vulnerability in the block_format helper in Action Mailer. This vulnerability has been assigned the CVE identifier CVE-2024-47889.

Impact
------

Carefully crafted text can cause the block_format helper to take an unexpected amount of time, possibly resulting in a DoS vulnerability. All users running an affected release should either upgrade or apply the relevant patch immediately.

Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected. Rails 8.0.0.beta1 requires Ruby 3.2 or greater so is unaffected.


Releases
--------
The fixed releases are available at the normal locations.

Workarounds
-----------
Users can avoid calling the `block_format` helper or upgrade to Ruby 3.2

Credits
-------

Thanks to yuki_osaki for the report!
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47889.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-47889
reference_id
reference_type
scores
0
value 0.00344
scoring_system epss
scoring_elements 0.57068
published_at 2026-04-21T12:55:00Z
1
value 0.00344
scoring_system epss
scoring_elements 0.57094
published_at 2026-04-16T12:55:00Z
2
value 0.00344
scoring_system epss
scoring_elements 0.57066
published_at 2026-04-13T12:55:00Z
3
value 0.00344
scoring_system epss
scoring_elements 0.5709
published_at 2026-04-18T12:55:00Z
4
value 0.00344
scoring_system epss
scoring_elements 0.57111
published_at 2026-04-11T12:55:00Z
5
value 0.00344
scoring_system epss
scoring_elements 0.57099
published_at 2026-04-09T12:55:00Z
6
value 0.00344
scoring_system epss
scoring_elements 0.57047
published_at 2026-04-02T12:55:00Z
7
value 0.00344
scoring_system epss
scoring_elements 0.57046
published_at 2026-04-07T12:55:00Z
8
value 0.00344
scoring_system epss
scoring_elements 0.57069
published_at 2026-04-04T12:55:00Z
9
value 0.00344
scoring_system epss
scoring_elements 0.57097
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-47889
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47889
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
5
reference_url https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/security/advisories/GHSA-h47h-mwp9-c6q6
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionmailer/CVE-2024-47889.yml
7
reference_url https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94
reference_id 0e5694f4d32544532d2301a9b4084eacb6986e94
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/0e5694f4d32544532d2301a9b4084eacb6986e94
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
reference_id 1085376
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085376
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2319033
reference_id 2319033
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2319033
10
reference_url https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
reference_id 3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/3612e3eb3fbafed4f85e1c6ea4c7b6addbb0fdd3
11
reference_url https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9
reference_id 985f1923fa62806ff676e41de67c3b4552131ab9
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/985f1923fa62806ff676e41de67c3b4552131ab9
12
reference_url https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e
reference_id be898cc996986decfe238341d96b2a6573b8fd2e
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-17T16:27:30Z/
url https://github.com/rails/rails/commit/be898cc996986decfe238341d96b2a6573b8fd2e
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-47889
reference_id CVE-2024-47889
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-47889
14
reference_url https://github.com/advisories/GHSA-h47h-mwp9-c6q6
reference_id GHSA-h47h-mwp9-c6q6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h47h-mwp9-c6q6
15
reference_url https://usn.ubuntu.com/7290-1/
reference_id USN-7290-1
reference_type
scores
url https://usn.ubuntu.com/7290-1/
fixed_packages
0
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-n8r7-wthv-fqaj
7
vulnerability VCID-qxe4-dubt-1kfp
8
vulnerability VCID-sarm-n22v-akcm
9
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u1%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
6
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie
7
url pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4tzv-1t1b-t3g3
1
vulnerability VCID-5tky-d2en-u7c7
2
vulnerability VCID-96qr-hdbp-p7ff
3
vulnerability VCID-a6z9-5n6k-2kak
4
vulnerability VCID-ad6q-vtdf-syb6
5
vulnerability VCID-hatd-vkun-13hj
6
vulnerability VCID-qxe4-dubt-1kfp
7
vulnerability VCID-sarm-n22v-akcm
8
vulnerability VCID-wpmk-wgpm-cuee
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie
8
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2024-47889, GHSA-h47h-mwp9-c6q6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yy6t-ybeu-qycc
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u3%3Fdistro=trixie