Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mzqm-gc4w-fbfp

Summary

Multiple vulnerabilities have been discovered in Ruby that allow for
    attacks including arbitrary code execution and Denial of Service.

Aliases

alias	CVE-2008-2663

alias	GHSA-8rh4-h2wx-5jpx

alias	OSV-46551

Fixed_packages

url	pkg:ebuild/dev-lang/ruby@1.8.6_p287-r1
purl	pkg:ebuild/dev-lang/ruby@1.8.6_p287-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/ruby@1.8.6_p287-r1

Affected_packages

url pkg:rpm/redhat/ruby@1.6.4-6?arch=el2

purl pkg:rpm/redhat/ruby@1.6.4-6?arch=el2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-kfgm-et3n-ckg6

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.6.4-6%3Farch=el2

url pkg:rpm/redhat/ruby@1.6.8-12?arch=el3

purl pkg:rpm/redhat/ruby@1.6.8-12?arch=el3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-kfgm-et3n-ckg6

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.6.8-12%3Farch=el3

url pkg:rpm/redhat/ruby@1.8.1-7.el4_6?arch=1

purl pkg:rpm/redhat/ruby@1.8.1-7.el4_6?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.8.1-7.el4_6%3Farch=1

url pkg:rpm/redhat/ruby@1.8.5-5.el5_2?arch=3

purl pkg:rpm/redhat/ruby@1.8.5-5.el5_2?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.8.5-5.el5_2%3Farch=3

url pkg:ruby/ruby@1.8.6

purl pkg:ruby/ruby@1.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-8e2m-f1fg-ffdy

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.8.6

url pkg:ruby/ruby@1.8.7

purl pkg:ruby/ruby@1.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-8fbf-8fea-27d9

vulnerability	VCID-94vg-kqhg-qfdv

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-9ukz-9357-aqb6

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-bv9s-j5yk-m3aw

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qjwb-ph9u-bubf

vulnerability	VCID-xtny-ychb-fff1

vulnerability	VCID-ynyp-ybd9-57df

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.8.7

url pkg:ruby/ruby@1.8.8

purl pkg:ruby/ruby@1.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ww6-w1k6-xqbp

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-8fbf-8fea-27d9

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-9ukz-9357-aqb6

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-ar57-vndq-yka6

vulnerability	VCID-bjts-v9q2-9yg8

vulnerability	VCID-bv9s-j5yk-m3aw

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

vulnerability	VCID-nxub-6qsu-hbhk

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qjwb-ph9u-bubf

vulnerability	VCID-r8r3-3x8p-ebh5

vulnerability	VCID-rh8q-s45v-xbhg

vulnerability	VCID-weh8-bs3g-a3hp

vulnerability	VCID-xtny-ychb-fff1

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.8.8

References

reference_url	http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
reference_id
reference_type
scores
url	http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

reference_url	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2663.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-2663

reference_id

reference_type

scores

value	0.03283
scoring_system	epss
scoring_elements	0.87205
published_at	2026-04-18T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.8713
published_at	2026-04-01T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.8714
published_at	2026-04-02T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87157
published_at	2026-04-04T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87154
published_at	2026-04-07T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87174
published_at	2026-04-08T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87182
published_at	2026-04-09T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87195
published_at	2026-04-11T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87189
published_at	2026-04-12T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.87185
published_at	2026-04-13T12:55:00Z

value	0.03283
scoring_system	epss
scoring_elements	0.872
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-2663

reference_url	http://secunia.com/advisories/30802
reference_id
reference_type
scores
url	http://secunia.com/advisories/30802

reference_url	http://secunia.com/advisories/30831
reference_id
reference_type
scores
url	http://secunia.com/advisories/30831

reference_url	http://secunia.com/advisories/30867
reference_id
reference_type
scores
url	http://secunia.com/advisories/30867

reference_url	http://secunia.com/advisories/30875
reference_id
reference_type
scores
url	http://secunia.com/advisories/30875

reference_url	http://secunia.com/advisories/30894
reference_id
reference_type
scores
url	http://secunia.com/advisories/30894

reference_url	http://secunia.com/advisories/31062
reference_id
reference_type
scores
url	http://secunia.com/advisories/31062

reference_url	http://secunia.com/advisories/31090
reference_id
reference_type
scores
url	http://secunia.com/advisories/31090

reference_url	http://secunia.com/advisories/31181
reference_id
reference_type
scores
url	http://secunia.com/advisories/31181

reference_url	http://secunia.com/advisories/31256
reference_id
reference_type
scores
url	http://secunia.com/advisories/31256

reference_url	http://secunia.com/advisories/31687
reference_id
reference_type
scores
url	http://secunia.com/advisories/31687

reference_url	http://secunia.com/advisories/33178
reference_id
reference_type
scores
url	http://secunia.com/advisories/33178

reference_url	http://security.gentoo.org/glsa/glsa-200812-17.xml
reference_id
reference_type
scores
url	http://security.gentoo.org/glsa/glsa-200812-17.xml

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/43346
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/43346

reference_url	https://issues.rpath.com/browse/RPL-2626
reference_id
reference_type
scores
url	https://issues.rpath.com/browse/RPL-2626

reference_url	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
reference_id
reference_type
scores
url	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524

reference_url	http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT2163

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html

reference_url	https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities

reference_url	http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

reference_url	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
reference_id
reference_type
scores
url	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

reference_url	http://www.debian.org/security/2008/dsa-1612
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1612

reference_url	http://www.debian.org/security/2008/dsa-1618
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1618

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

reference_url	http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
reference_id
reference_type
scores
url	http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0561.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0561.html

reference_url	http://www.ruby-forum.com/topic/157034
reference_id
reference_type
scores
url	http://www.ruby-forum.com/topic/157034

reference_url	http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
reference_id
reference_type
scores
url	http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

reference_url	http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
reference_id
reference_type
scores
url	http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

reference_url	http://www.securityfocus.com/archive/1/493688/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/493688/100/0/threaded

reference_url	http://www.securityfocus.com/bid/29903
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/29903

reference_url	http://www.securitytracker.com/id?1020347
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020347

reference_url	http://www.ubuntu.com/usn/usn-621-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-621-1

reference_url	http://www.vupen.com/english/advisories/2008/1907/references
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/1907/references

reference_url	http://www.vupen.com/english/advisories/2008/1981/references
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/1981/references

reference_url	http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
reference_id
reference_type
scores
url	http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=450825
reference_id	450825
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=450825

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby::::::::
reference_id	cpe:2.3:a:ruby-lang:ruby::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-2663

reference_id

CVE-2008-2663

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2008-2663

reference_url	https://security.gentoo.org/glsa/200812-17
reference_id	GLSA-200812-17
reference_type
scores
url	https://security.gentoo.org/glsa/200812-17

reference_url	https://access.redhat.com/errata/RHSA-2008:0561
reference_id	RHSA-2008:0561
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0561

reference_url	https://access.redhat.com/errata/RHSA-2008:0562
reference_id	RHSA-2008:0562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0562

reference_url	https://usn.ubuntu.com/621-1/
reference_id	USN-621-1
reference_type
scores
url	https://usn.ubuntu.com/621-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Exploits

Severity_range_score 10.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mzqm-gc4w-fbfp

Vulnerability Instance