Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fr3w-ejk8-47gw
Summary
Cross site scripting in actionpack Rubygem
A cross-site scripting flaw was found in the `auto_link` function in Rails before version 3.0.6.
Aliases
0
alias CVE-2011-1497
1
alias GHSA-q58j-fmvf-9rq6
Fixed_packages
0
url pkg:deb/debian/rails@0?distro=trixie
purl pkg:deb/debian/rails@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@0%3Fdistro=trixie
1
url pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.7%2Bdfsg-2%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-5bzk-rhe1-fqdc
2
vulnerability VCID-7zz5-k99f-v3f6
3
vulnerability VCID-f48b-ashx-53bg
4
vulnerability VCID-gbvf-y28h-kqax
5
vulnerability VCID-hdsb-jx4g-fqf6
6
vulnerability VCID-nwk7-sujd-nkc1
7
vulnerability VCID-urpb-uk1z-vqga
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.0.3.7%252Bdfsg-2%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
purl pkg:deb/debian/rails@2:6.1.7.10%2Bdfsg-1~deb12u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-5bzk-rhe1-fqdc
2
vulnerability VCID-7zz5-k99f-v3f6
3
vulnerability VCID-f48b-ashx-53bg
4
vulnerability VCID-gbvf-y28h-kqax
5
vulnerability VCID-hdsb-jx4g-fqf6
6
vulnerability VCID-nwk7-sujd-nkc1
7
vulnerability VCID-urpb-uk1z-vqga
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:6.1.7.10%252Bdfsg-1~deb12u2%3Fdistro=trixie
3
url pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ghz-4sfg-2feh
1
vulnerability VCID-5bzk-rhe1-fqdc
2
vulnerability VCID-7zz5-k99f-v3f6
3
vulnerability VCID-f48b-ashx-53bg
4
vulnerability VCID-gbvf-y28h-kqax
5
vulnerability VCID-hdsb-jx4g-fqf6
6
vulnerability VCID-nwk7-sujd-nkc1
7
vulnerability VCID-urpb-uk1z-vqga
8
vulnerability VCID-v3mu-95kt-ufc6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.2.2%252Bdfsg-2~deb13u1%3Fdistro=trixie
4
url pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:7.2.3.1%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/rails@2:7.2.3.1%252Bdfsg-1%3Fdistro=trixie
5
url pkg:gem/actionpack@3.0.6
purl pkg:gem/actionpack@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b9z-efz6-9fdu
1
vulnerability VCID-1xbd-73qv-mff9
2
vulnerability VCID-3edd-m27s-a3ek
3
vulnerability VCID-3rn4-abmh-nkhv
4
vulnerability VCID-4bzb-ft3d-dkgg
5
vulnerability VCID-58sa-6uag-z7hp
6
vulnerability VCID-5a2t-fre4-zkay
7
vulnerability VCID-5pfg-7ntp-eff4
8
vulnerability VCID-5psk-hzaf-1kbz
9
vulnerability VCID-8nkw-8mka-1ygk
10
vulnerability VCID-98gu-r7wd-cuah
11
vulnerability VCID-9gqn-8g4t-wfby
12
vulnerability VCID-a6wp-n5yh-ybcv
13
vulnerability VCID-b4sv-b9pz-r7er
14
vulnerability VCID-bfbp-7umh-2fcp
15
vulnerability VCID-cs1f-uhb2-xkcm
16
vulnerability VCID-dd87-gevs-juhe
17
vulnerability VCID-eeru-6pyc-8bcd
18
vulnerability VCID-ejgq-s79w-abd6
19
vulnerability VCID-g13k-qvy7-q3fk
20
vulnerability VCID-g2a6-uem4-uuce
21
vulnerability VCID-jpj6-wzp3-m3e4
22
vulnerability VCID-k6aw-heeb-wke2
23
vulnerability VCID-mnh7-4rvx-suay
24
vulnerability VCID-n7kh-9mpq-13c7
25
vulnerability VCID-nax4-x97j-9fgr
26
vulnerability VCID-nmz3-ux68-dkfd
27
vulnerability VCID-nnka-c23v-qub7
28
vulnerability VCID-p1yd-keq8-rkh3
29
vulnerability VCID-qth9-abgp-wyaq
30
vulnerability VCID-r6mr-ay8d-nqdd
31
vulnerability VCID-rgw4-mrr9-euda
32
vulnerability VCID-sg9h-7dqr-xugu
33
vulnerability VCID-v2hk-dfbe-5khc
34
vulnerability VCID-v3u5-6bpb-qfgf
35
vulnerability VCID-vhjv-9864-tbcs
36
vulnerability VCID-vs1a-m7ya-rue8
37
vulnerability VCID-y13c-awe3-2bc1
38
vulnerability VCID-zapd-uts9-zfch
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.6
6
url pkg:gem/rails@3.0.6
purl pkg:gem/rails@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7g2f-y978-hqgr
1
vulnerability VCID-832g-x9kb-3bbx
2
vulnerability VCID-hh65-ycrj-d7gz
3
vulnerability VCID-jpj6-wzp3-m3e4
4
vulnerability VCID-nax4-x97j-9fgr
5
vulnerability VCID-q1rj-sqa4-q3b4
6
vulnerability VCID-vs1a-m7ya-rue8
7
vulnerability VCID-w8ez-zf1z-qubq
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/rails@3.0.6
Affected_packages
0
url pkg:gem/actionpack@3.0.0.rc
purl pkg:gem/actionpack@3.0.0.rc
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b9z-efz6-9fdu
1
vulnerability VCID-1xbd-73qv-mff9
2
vulnerability VCID-3edd-m27s-a3ek
3
vulnerability VCID-3rn4-abmh-nkhv
4
vulnerability VCID-4bzb-ft3d-dkgg
5
vulnerability VCID-58sa-6uag-z7hp
6
vulnerability VCID-5a2t-fre4-zkay
7
vulnerability VCID-5pfg-7ntp-eff4
8
vulnerability VCID-5psk-hzaf-1kbz
9
vulnerability VCID-8nkw-8mka-1ygk
10
vulnerability VCID-98gu-r7wd-cuah
11
vulnerability VCID-9gqn-8g4t-wfby
12
vulnerability VCID-a6wp-n5yh-ybcv
13
vulnerability VCID-b4sv-b9pz-r7er
14
vulnerability VCID-bfbp-7umh-2fcp
15
vulnerability VCID-cs1f-uhb2-xkcm
16
vulnerability VCID-dd87-gevs-juhe
17
vulnerability VCID-eeru-6pyc-8bcd
18
vulnerability VCID-ejgq-s79w-abd6
19
vulnerability VCID-fr3w-ejk8-47gw
20
vulnerability VCID-g13k-qvy7-q3fk
21
vulnerability VCID-g2a6-uem4-uuce
22
vulnerability VCID-jpj6-wzp3-m3e4
23
vulnerability VCID-k6aw-heeb-wke2
24
vulnerability VCID-mnh7-4rvx-suay
25
vulnerability VCID-n7kh-9mpq-13c7
26
vulnerability VCID-nax4-x97j-9fgr
27
vulnerability VCID-nmz3-ux68-dkfd
28
vulnerability VCID-nnka-c23v-qub7
29
vulnerability VCID-p1yd-keq8-rkh3
30
vulnerability VCID-qth9-abgp-wyaq
31
vulnerability VCID-r6mr-ay8d-nqdd
32
vulnerability VCID-rgw4-mrr9-euda
33
vulnerability VCID-sg9h-7dqr-xugu
34
vulnerability VCID-v2hk-dfbe-5khc
35
vulnerability VCID-v3u5-6bpb-qfgf
36
vulnerability VCID-vhjv-9864-tbcs
37
vulnerability VCID-vs1a-m7ya-rue8
38
vulnerability VCID-y13c-awe3-2bc1
39
vulnerability VCID-zapd-uts9-zfch
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.0.rc
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1497.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55931
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-1497
2
reference_url https://github.com/rails/rails
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails
3
reference_url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
4
reference_url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84d
5
reference_url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.yml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-1497
8
reference_url https://www.openwall.com/lists/oss-security/2011/04/06/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2011/04/06/13
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
reference_id 2015262
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2015262
10
reference_url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
reference_id GHSA-q58j-fmvf-9rq6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q58j-fmvf-9rq6
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 7.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fr3w-ejk8-47gw