Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-c9sy-czbr-tfer

Summary

Multiple vulnerabilities have been discovered in Ruby that allow for
    attacks including arbitrary code execution and Denial of Service.

Aliases

alias	CVE-2008-2726

alias	GHSA-v2mw-g73g-923h

alias	OSV-46554

Fixed_packages

url	pkg:ebuild/dev-lang/ruby@1.8.6_p287-r1
purl	pkg:ebuild/dev-lang/ruby@1.8.6_p287-r1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/ruby@1.8.6_p287-r1

Affected_packages

url pkg:rpm/redhat/ruby@1.6.4-6?arch=el2

purl pkg:rpm/redhat/ruby@1.6.4-6?arch=el2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-kfgm-et3n-ckg6

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.6.4-6%3Farch=el2

url pkg:rpm/redhat/ruby@1.6.8-12?arch=el3

purl pkg:rpm/redhat/ruby@1.6.8-12?arch=el3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-kfgm-et3n-ckg6

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.6.8-12%3Farch=el3

url pkg:rpm/redhat/ruby@1.8.1-7.el4_6?arch=1

purl pkg:rpm/redhat/ruby@1.8.1-7.el4_6?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.8.1-7.el4_6%3Farch=1

url pkg:rpm/redhat/ruby@1.8.5-5.el5_2?arch=3

purl pkg:rpm/redhat/ruby@1.8.5-5.el5_2?arch=3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby@1.8.5-5.el5_2%3Farch=3

url pkg:ruby/ruby@1.8.6

purl pkg:ruby/ruby@1.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-8e2m-f1fg-ffdy

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.8.6

url pkg:ruby/ruby@1.8.7

purl pkg:ruby/ruby@1.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-8fbf-8fea-27d9

vulnerability	VCID-94vg-kqhg-qfdv

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-9ukz-9357-aqb6

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-bv9s-j5yk-m3aw

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qjwb-ph9u-bubf

vulnerability	VCID-xtny-ychb-fff1

vulnerability	VCID-ynyp-ybd9-57df

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.8.7

url pkg:ruby/ruby@1.8.8

purl pkg:ruby/ruby@1.8.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ww6-w1k6-xqbp

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5bte-uex2-f7du

vulnerability	VCID-8fbf-8fea-27d9

vulnerability	VCID-9gp6-pvw1-ufhs

vulnerability	VCID-9ukz-9357-aqb6

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-ar57-vndq-yka6

vulnerability	VCID-bjts-v9q2-9yg8

vulnerability	VCID-bv9s-j5yk-m3aw

vulnerability	VCID-c9sy-czbr-tfer

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-jx79-wpg7-2yaa

vulnerability	VCID-mzqm-gc4w-fbfp

vulnerability	VCID-nsa4-b31c-37g2

vulnerability	VCID-nxub-6qsu-hbhk

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qjwb-ph9u-bubf

vulnerability	VCID-r8r3-3x8p-ebh5

vulnerability	VCID-rh8q-s45v-xbhg

vulnerability	VCID-weh8-bs3g-a3hp

vulnerability	VCID-xtny-ychb-fff1

resource_url http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@1.8.8

References

reference_url	http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/
reference_id
reference_type
scores
url	http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

reference_url	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html
reference_id
reference_type
scores
url	http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2726.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2726.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-2726

reference_id

reference_type

scores

value	0.02819
scoring_system	epss
scoring_elements	0.86176
published_at	2026-04-18T12:55:00Z

value	0.02819
scoring_system	epss
scoring_elements	0.86145
published_at	2026-04-09T12:55:00Z

value	0.02819
scoring_system	epss
scoring_elements	0.86159
published_at	2026-04-11T12:55:00Z

value	0.02819
scoring_system	epss
scoring_elements	0.86158
published_at	2026-04-12T12:55:00Z

value	0.02819
scoring_system	epss
scoring_elements	0.86154
published_at	2026-04-13T12:55:00Z

value	0.02819
scoring_system	epss
scoring_elements	0.86171
published_at	2026-04-16T12:55:00Z

value	0.02858
scoring_system	epss
scoring_elements	0.86182
published_at	2026-04-01T12:55:00Z

value	0.02858
scoring_system	epss
scoring_elements	0.86192
published_at	2026-04-02T12:55:00Z

value	0.02858
scoring_system	epss
scoring_elements	0.86206
published_at	2026-04-07T12:55:00Z

value	0.02858
scoring_system	epss
scoring_elements	0.86225
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-2726

reference_url	https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657
reference_id
reference_type
scores
url	https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

reference_url	http://secunia.com/advisories/30802
reference_id
reference_type
scores
url	http://secunia.com/advisories/30802

reference_url	http://secunia.com/advisories/30831
reference_id
reference_type
scores
url	http://secunia.com/advisories/30831

reference_url	http://secunia.com/advisories/30867
reference_id
reference_type
scores
url	http://secunia.com/advisories/30867

reference_url	http://secunia.com/advisories/30875
reference_id
reference_type
scores
url	http://secunia.com/advisories/30875

reference_url	http://secunia.com/advisories/30894
reference_id
reference_type
scores
url	http://secunia.com/advisories/30894

reference_url	http://secunia.com/advisories/31062
reference_id
reference_type
scores
url	http://secunia.com/advisories/31062

reference_url	http://secunia.com/advisories/31090
reference_id
reference_type
scores
url	http://secunia.com/advisories/31090

reference_url	http://secunia.com/advisories/31181
reference_id
reference_type
scores
url	http://secunia.com/advisories/31181

reference_url	http://secunia.com/advisories/31256
reference_id
reference_type
scores
url	http://secunia.com/advisories/31256

reference_url	http://secunia.com/advisories/31687
reference_id
reference_type
scores
url	http://secunia.com/advisories/31687

reference_url	http://secunia.com/advisories/33178
reference_id
reference_type
scores
url	http://secunia.com/advisories/33178

reference_url	http://security.gentoo.org/glsa/glsa-200812-17.xml
reference_id
reference_type
scores
url	http://security.gentoo.org/glsa/glsa-200812-17.xml

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/43351
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/43351

reference_url	https://issues.rpath.com/browse/RPL-2626
reference_id
reference_type
scores
url	https://issues.rpath.com/browse/RPL-2626

reference_url	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562
reference_id
reference_type
scores
url	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

reference_url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959
reference_id
reference_type
scores
url	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959

reference_url	http://support.apple.com/kb/HT2163
reference_id
reference_type
scores
url	http://support.apple.com/kb/HT2163

reference_url	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460
reference_id
reference_type
scores
url	http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html

reference_url	https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities
reference_id
reference_type
scores
url	https://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities

reference_url	http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities
reference_id
reference_type
scores
url	http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

reference_url	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206
reference_id
reference_type
scores
url	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

reference_url	http://www.debian.org/security/2008/dsa-1612
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1612

reference_url	http://www.debian.org/security/2008/dsa-1618
reference_id
reference_type
scores
url	http://www.debian.org/security/2008/dsa-1618

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:140
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:141
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:142
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

reference_url	http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/
reference_id
reference_type
scores
url	http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

reference_url	http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html
reference_id
reference_type
scores
url	http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html

reference_url	http://www.redhat.com/support/errata/RHSA-2008-0561.html
reference_id
reference_type
scores
url	http://www.redhat.com/support/errata/RHSA-2008-0561.html

reference_url	http://www.ruby-forum.com/topic/157034
reference_id
reference_type
scores
url	http://www.ruby-forum.com/topic/157034

reference_url	http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html
reference_id
reference_type
scores
url	http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

reference_url	http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/
reference_id
reference_type
scores
url	http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

reference_url	http://www.securityfocus.com/archive/1/493688/100/0/threaded
reference_id
reference_type
scores
url	http://www.securityfocus.com/archive/1/493688/100/0/threaded

reference_url	http://www.securityfocus.com/bid/29903
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/29903

reference_url	http://www.securitytracker.com/id?1020347
reference_id
reference_type
scores
url	http://www.securitytracker.com/id?1020347

reference_url	http://www.ubuntu.com/usn/usn-621-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/usn-621-1

reference_url	http://www.vupen.com/english/advisories/2008/1907/references
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/1907/references

reference_url	http://www.vupen.com/english/advisories/2008/1981/references
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2008/1981/references

reference_url	http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html
reference_id
reference_type
scores
url	http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=451828
reference_id	451828
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=451828

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby::::::::
reference_id	cpe:2.3:a:ruby-lang:ruby::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
reference_id	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-2726

reference_id

CVE-2008-2726

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2008-2726

reference_url	https://security.gentoo.org/glsa/200812-17
reference_id	GLSA-200812-17
reference_type
scores
url	https://security.gentoo.org/glsa/200812-17

reference_url	https://access.redhat.com/errata/RHSA-2008:0561
reference_id	RHSA-2008:0561
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0561

reference_url	https://access.redhat.com/errata/RHSA-2008:0562
reference_id	RHSA-2008:0562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0562

reference_url	https://usn.ubuntu.com/621-1/
reference_id	USN-621-1
reference_type
scores
url	https://usn.ubuntu.com/621-1/

Weaknesses

cwe_id	190
name	Integer Overflow or Wraparound
description	The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

cwe_id	189
name	Numeric Errors
description	Weaknesses in this category are related to improper calculation or conversion of numbers.

Exploits

Severity_range_score 7.8 - 7.8

Exploitability 0.5

Weighted_severity 7.0

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c9sy-czbr-tfer

Vulnerability Instance