Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/10496?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10496?format=api", "vulnerability_id": "VCID-zydu-j9dg-fqdb", "summary": "Improper Input Validation\nA remote code execution vulnerability in development mode Rails can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.", "aliases": [ { "alias": "CVE-2019-5420" }, { "alias": "GHSA-m42h-mh85-4qgc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/937479?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037806?format=api", "purl": "pkg:deb/debian/rails@2:5.2.2.1%2Bdfsg-1%2Bdeb10u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:5.2.2.1%252Bdfsg-1%252Bdeb10u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/937455?format=api", "purl": "pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-n8r7-wthv-fqaj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937453?format=api", "purl": "pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937458?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937456?format=api", "purl": "pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/937457?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3%2Bdfsg-3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4tzv-1t1b-t3g3" }, { "vulnerability": "VCID-5tky-d2en-u7c7" }, { "vulnerability": "VCID-96qr-hdbp-p7ff" }, { "vulnerability": "VCID-a6z9-5n6k-2kak" }, { "vulnerability": "VCID-ad6q-vtdf-syb6" }, { "vulnerability": "VCID-hatd-vkun-13hj" }, { "vulnerability": "VCID-qxe4-dubt-1kfp" }, { "vulnerability": "VCID-sarm-n22v-akcm" }, { "vulnerability": "VCID-wpmk-wgpm-cuee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3%252Bdfsg-3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1066847?format=api", "purl": "pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/35625?format=api", "purl": "pkg:gem/rails@5.2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35642?format=api", "purl": "pkg:gem/rails@6.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1xgz-hwng-n3eq" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-zy7d-3db6-sydw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35697?format=api", "purl": "pkg:gem/railties@5.2.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/35699?format=api", "purl": "pkg:gem/railties@6.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@6.0.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035729?format=api", "purl": "pkg:deb/debian/rails@1.1.6-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rgy-k7a9-m7au" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-2efj-tf8d-dfck" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-333w-aacz-mfcr" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-3m2y-wy1w-n7h1" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-3zdr-vasc-a7cn" }, { "vulnerability": "VCID-43f3-rxwm-fkgv" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-4cky-r218-dkbb" }, { "vulnerability": "VCID-4epw-vk25-mfdw" }, { "vulnerability": "VCID-4he5-y1u4-gkd2" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-7f5r-9h1g-nuch" }, { "vulnerability": "VCID-86jq-2md2-d7ah" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hq5-3usy-5fhq" }, { "vulnerability": "VCID-9hvm-2hnk-hyev" }, { "vulnerability": "VCID-9t7a-muwx-zyee" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-bjwf-uhyk-63aj" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ca7u-t1y4-uuc7" }, { "vulnerability": "VCID-carc-ntrd-ebfe" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-cwa7-9d2t-rfhb" }, { "vulnerability": "VCID-d15q-6ukb-wfff" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-eb5z-q7rj-j7hh" }, { "vulnerability": "VCID-ed3f-3bxh-eba4" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hbtn-7423-m3gb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-hr2h-y693-sbgc" }, { "vulnerability": "VCID-j7p8-hchp-xbe3" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-kkbt-pr7u-f7gn" }, { "vulnerability": "VCID-knsd-pv15-tydx" }, { "vulnerability": "VCID-kr1b-uct1-7kf6" }, { "vulnerability": "VCID-mep3-6sub-ykdk" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nk6g-hhsk-8kaw" }, { "vulnerability": "VCID-nzeb-cy9e-tkax" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-r1u7-1avr-fqbs" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-sb9g-rdnm-rqbm" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-sz4r-kjse-cbdd" }, { "vulnerability": "VCID-t2cx-7ycd-tqhq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-thx6-usb2-kkgc" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-va9q-fjn6-yqee" }, { "vulnerability": "VCID-vgm2-8wjy-x7ed" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wgr4-rzk2-4yet" }, { "vulnerability": "VCID-wyqh-g8df-hkay" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-xa94-z6yu-skf8" }, { "vulnerability": "VCID-xqzj-cww4-nbcy" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" }, { "vulnerability": "VCID-zkvd-bfd6-t7dg" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@1.1.6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035730?format=api", "purl": "pkg:deb/debian/rails@2.1.0-7%2Blenny2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rgy-k7a9-m7au" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-2efj-tf8d-dfck" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-333w-aacz-mfcr" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-3m2y-wy1w-n7h1" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-3zdr-vasc-a7cn" }, { "vulnerability": "VCID-43f3-rxwm-fkgv" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-4cky-r218-dkbb" }, { "vulnerability": "VCID-4epw-vk25-mfdw" }, { "vulnerability": "VCID-4he5-y1u4-gkd2" }, { "vulnerability": "VCID-4zhj-en7h-3yaz" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-7f5r-9h1g-nuch" }, { "vulnerability": "VCID-86jq-2md2-d7ah" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hq5-3usy-5fhq" }, { "vulnerability": "VCID-9t7a-muwx-zyee" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-bjwf-uhyk-63aj" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ca7u-t1y4-uuc7" }, { "vulnerability": "VCID-carc-ntrd-ebfe" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-cwa7-9d2t-rfhb" }, { "vulnerability": "VCID-d15q-6ukb-wfff" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-eb5z-q7rj-j7hh" }, { "vulnerability": "VCID-ed3f-3bxh-eba4" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-gsx2-9sc2-3fbr" }, { "vulnerability": "VCID-hbtn-7423-m3gb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-hr2h-y693-sbgc" }, { "vulnerability": "VCID-j7p8-hchp-xbe3" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-kkbt-pr7u-f7gn" }, { "vulnerability": "VCID-knsd-pv15-tydx" }, { "vulnerability": "VCID-kr1b-uct1-7kf6" }, { "vulnerability": "VCID-mep3-6sub-ykdk" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nk6g-hhsk-8kaw" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-sb9g-rdnm-rqbm" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-sz4r-kjse-cbdd" }, { "vulnerability": "VCID-t2cx-7ycd-tqhq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-thx6-usb2-kkgc" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-va9q-fjn6-yqee" }, { "vulnerability": "VCID-vgm2-8wjy-x7ed" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-xa94-z6yu-skf8" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" }, { "vulnerability": "VCID-zkvd-bfd6-t7dg" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.1.0-7%252Blenny2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035731?format=api", "purl": "pkg:deb/debian/rails@2.3.5-1.2%2Bsqueeze8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rgy-k7a9-m7au" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-2efj-tf8d-dfck" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-333w-aacz-mfcr" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-3m2y-wy1w-n7h1" }, { "vulnerability": "VCID-3wtf-uu89-2qe5" }, { "vulnerability": "VCID-43f3-rxwm-fkgv" }, { "vulnerability": "VCID-49pq-vg95-jkh2" }, { "vulnerability": "VCID-4cky-r218-dkbb" }, { "vulnerability": "VCID-4epw-vk25-mfdw" }, { "vulnerability": "VCID-4he5-y1u4-gkd2" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-86jq-2md2-d7ah" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hq5-3usy-5fhq" }, { "vulnerability": "VCID-9t7a-muwx-zyee" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-bjwf-uhyk-63aj" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ca7u-t1y4-uuc7" }, { "vulnerability": "VCID-carc-ntrd-ebfe" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-cnqr-6e98-5kgk" }, { "vulnerability": "VCID-cwa7-9d2t-rfhb" }, { "vulnerability": "VCID-d15q-6ukb-wfff" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-eb5z-q7rj-j7hh" }, { "vulnerability": "VCID-ed3f-3bxh-eba4" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hbtn-7423-m3gb" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-hr2h-y693-sbgc" }, { "vulnerability": "VCID-j7p8-hchp-xbe3" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-kkbt-pr7u-f7gn" }, { "vulnerability": "VCID-knsd-pv15-tydx" }, { "vulnerability": "VCID-kr1b-uct1-7kf6" }, { "vulnerability": "VCID-mep3-6sub-ykdk" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-nk6g-hhsk-8kaw" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-sb9g-rdnm-rqbm" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-sz4r-kjse-cbdd" }, { "vulnerability": "VCID-t2cx-7ycd-tqhq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-thx6-usb2-kkgc" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-va9q-fjn6-yqee" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-xa94-z6yu-skf8" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" }, { "vulnerability": "VCID-zkvd-bfd6-t7dg" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2.3.5-1.2%252Bsqueeze8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035732?format=api", "purl": "pkg:deb/debian/rails@2:2.3.14.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-2efj-tf8d-dfck" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-333w-aacz-mfcr" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-3m2y-wy1w-n7h1" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-86jq-2md2-d7ah" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hq5-3usy-5fhq" }, { "vulnerability": "VCID-9t7a-muwx-zyee" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-bjwf-uhyk-63aj" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-d15q-6ukb-wfff" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-ed3f-3bxh-eba4" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-sb9g-rdnm-rqbm" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-t2cx-7ycd-tqhq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-thx6-usb2-kkgc" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" }, { "vulnerability": "VCID-zkvd-bfd6-t7dg" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:2.3.14.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035733?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-86jq-2md2-d7ah" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hq5-3usy-5fhq" }, { "vulnerability": "VCID-9t7a-muwx-zyee" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-bjwf-uhyk-63aj" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-d15q-6ukb-wfff" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-ed3f-3bxh-eba4" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-t2cx-7ycd-tqhq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-thx6-usb2-kkgc" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035734?format=api", "purl": "pkg:deb/debian/rails@2:4.1.8-1%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-86jq-2md2-d7ah" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-9hq5-3usy-5fhq" }, { "vulnerability": "VCID-9t7a-muwx-zyee" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-bjwf-uhyk-63aj" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-d15q-6ukb-wfff" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-ed3f-3bxh-eba4" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-pb5f-g4uc-r7fp" }, { "vulnerability": "VCID-s5ah-tf63-a7cw" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-t2cx-7ycd-tqhq" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-thx6-usb2-kkgc" }, { "vulnerability": "VCID-v3r3-bwp5-a3bn" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-z1jv-4ga2-7kd1" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.1.8-1%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037805?format=api", "purl": "pkg:deb/debian/rails@2:4.2.7.1-1%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12x8-jxdf-jqdz" }, { "vulnerability": "VCID-19fr-55kr-hyax" }, { "vulnerability": "VCID-1bxs-yghe-cyck" }, { "vulnerability": "VCID-1rxp-g9rz-4yb3" }, { "vulnerability": "VCID-1x8k-t8mr-3fgp" }, { "vulnerability": "VCID-31xv-z8c6-a7bg" }, { "vulnerability": "VCID-3hur-esmy-x3hr" }, { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-6ku5-mtgz-zygw" }, { "vulnerability": "VCID-6pxd-xsaw-tuer" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-ce39-j83r-6ug9" }, { "vulnerability": "VCID-dd9p-x7k3-37ea" }, { "vulnerability": "VCID-drg6-gj1f-h7ea" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-g3rk-djae-pkeh" }, { "vulnerability": "VCID-g5q6-7uav-sqh1" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-p5mc-r1rg-5ff7" }, { "vulnerability": "VCID-sfyc-jewr-wuf5" }, { "vulnerability": "VCID-sgdb-985e-4uej" }, { "vulnerability": "VCID-sygb-mygd-s3gb" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-t9yh-ss8z-e3cb" }, { "vulnerability": "VCID-v9mt-t1pb-hybk" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-wyy6-h8bq-vyde" }, { "vulnerability": "VCID-yy6t-ybeu-qycc" }, { "vulnerability": "VCID-yzpx-3gam-y3bu" }, { "vulnerability": "VCID-zqzx-avvt-wkhm" }, { "vulnerability": "VCID-zy7d-3db6-sydw" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:4.2.7.1-1%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/33559?format=api", "purl": "pkg:gem/rails@5.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/181089?format=api", "purl": "pkg:gem/rails@5.2.1.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.1.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/181090?format=api", "purl": "pkg:gem/rails@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-5x54-hckg-x7b8" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-6yr6-a21g-dyf5" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/33563?format=api", "purl": "pkg:gem/rails@5.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184446?format=api", "purl": "pkg:gem/rails@5.2.2.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184447?format=api", "purl": "pkg:gem/rails@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5qu2-b8gt-7qe3" }, { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-895a-ydc5-zfg6" }, { "vulnerability": "VCID-8dad-dvat-1fg4" }, { "vulnerability": "VCID-a6sp-18av-wya6" }, { "vulnerability": "VCID-c8b5-d83n-nuhw" }, { "vulnerability": "VCID-es1t-7196-4kbb" }, { "vulnerability": "VCID-gjey-bqtd-kqa1" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-jwun-grgg-2uet" }, { "vulnerability": "VCID-mnkw-23eu-bkgc" }, { "vulnerability": "VCID-t684-yp58-hkg8" }, { "vulnerability": "VCID-wg3a-j2dp-ayh4" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@5.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/35637?format=api", "purl": "pkg:gem/rails@6.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184448?format=api", "purl": "pkg:gem/rails@6.0.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.0.beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/184449?format=api", "purl": "pkg:gem/rails@6.0.0.beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-63gy-6njy-kbd8" }, { "vulnerability": "VCID-65tq-e5eb-eucj" }, { "vulnerability": "VCID-hppf-a715-r7b2" }, { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/rails@6.0.0.beta3" }, { "url": "http://public2.vulnerablecode.io/api/packages/35692?format=api", "purl": "pkg:gem/railties@5.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/184450?format=api", "purl": "pkg:gem/railties@5.2.1.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.1.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184451?format=api", "purl": "pkg:gem/railties@5.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184452?format=api", "purl": "pkg:gem/railties@5.2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184453?format=api", "purl": "pkg:gem/railties@5.2.2.rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.2.rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184454?format=api", "purl": "pkg:gem/railties@5.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/142099?format=api", "purl": "pkg:gem/railties@5.2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@5.2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/35694?format=api", "purl": "pkg:gem/railties@6.0.0.beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@6.0.0.beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/184455?format=api", "purl": "pkg:gem/railties@6.0.0.beta2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@6.0.0.beta2" }, { "url": "http://public2.vulnerablecode.io/api/packages/184456?format=api", "purl": "pkg:gem/railties@6.0.0.beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zydu-j9dg-fqdb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:gem/railties@6.0.0.beta3" } ], "references": [ { "reference_url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5420.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.99853", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.9985", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.99851", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.93745", "scoring_system": "epss", "scoring_elements": "0.99852", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5420" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/railties/CVE-2019-5420.yml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw" }, { "reference_url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released" }, { "reference_url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/" }, { "reference_url": "https://www.exploit-db.com/exploits/46785", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46785" }, { "reference_url": "https://www.exploit-db.com/exploits/46785/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46785/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689154", "reference_id": "1689154", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1689154" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521", "reference_id": "924521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924521" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:6.0.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb", "reference_id": "CVE-2019-5420", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/46785.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420", "reference_id": "CVE-2019-5420", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5420" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb", "reference_id": "CVE-2019-5420", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb" }, { "reference_url": "https://github.com/advisories/GHSA-m42h-mh85-4qgc", "reference_id": "GHSA-m42h-mh85-4qgc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m42h-mh85-4qgc" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 20, "name": "Improper Input Validation", "description": "The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 330, "name": "Use of Insufficiently Random Values", "description": "The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers." }, { "cwe_id": 77, "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "description": "The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component." }, { "cwe_id": 338, "name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "description": "The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong." } ], "exploits": [ { "date_added": "2019-05-02", "description": "Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)", "required_action": null, "due_date": null, "notes": null, "known_ransomware_campaign_use": true, "source_date_published": "2019-05-02", "exploit_type": "remote", "platform": "linux", "source_date_updated": "2019-05-02", "data_source": "Exploit-DB", "source_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/rails_double_tap.rb" }, { "date_added": null, "description": "This module exploits a vulnerability in Ruby on Rails. In development mode, a Rails\n application would use its name as the secret_key_base, and can be easily extracted by\n visiting an invalid resource for a path. As a result, this allows a remote user to\n create and deliver a signed serialized payload, load it by the application, and gain\n remote code execution.", "required_action": null, "due_date": null, "notes": "AKA:\n - doubletap\nStability:\n - crash-safe\nSideEffects:\n - ioc-in-logs\nReliability:\n - unknown-reliability\n", "known_ransomware_campaign_use": false, "source_date_published": "2019-03-13", "exploit_type": null, "platform": "Linux", "source_date_updated": null, "data_source": "Metasploit", "source_url": "https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/rails_double_tap.rb" } ], "severity_range_score": "7.5 - 10.0", "exploitability": "2.0", "weighted_severity": "9.0", "risk_score": 10.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zydu-j9dg-fqdb" }