Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-arjz-geyr-q7e3

Summary ruby: Unsafe parsing of long strings via decode_www_form_component method

Aliases

alias	CVE-2014-6438

alias	GHSA-2j3h-55rq-rj48

Fixed_packages

Affected_packages

url pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1?arch=hum1

purl pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp9-6q85-5ffv

vulnerability	VCID-2sv2-6snv-2bd3

vulnerability	VCID-4qm3-nbsk-73he

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5xez-skrj-b3h4

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-9x9w-2k98-wydm

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-arjz-geyr-q7e3

vulnerability	VCID-bdar-wgfe-qqgf

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-g7ju-q41v-wyhd

vulnerability	VCID-jj3a-fpsa-a7at

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rwak-wvuw-qbcg

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-sfzh-hn56-hbak

vulnerability	VCID-t9y5-hd9b-bkc4

vulnerability	VCID-vcz9-dvf4-47am

vulnerability	VCID-wzdf-d9fv-u3hh

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y56y-5am7-wkhr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1%3Farch=hum1

url pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1

purl pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp9-6q85-5ffv

vulnerability	VCID-2sv2-6snv-2bd3

vulnerability	VCID-4qm3-nbsk-73he

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5xez-skrj-b3h4

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-9x9w-2k98-wydm

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-arjz-geyr-q7e3

vulnerability	VCID-bdar-wgfe-qqgf

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-g7ju-q41v-wyhd

vulnerability	VCID-jj3a-fpsa-a7at

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rwak-wvuw-qbcg

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-sfzh-hn56-hbak

vulnerability	VCID-t9y5-hd9b-bkc4

vulnerability	VCID-vcz9-dvf4-47am

vulnerability	VCID-wzdf-d9fv-u3hh

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y56y-5am7-wkhr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1%3Farch=hum1

url pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3?arch=hum1

purl pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3?arch=hum1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1vp9-6q85-5ffv

vulnerability	VCID-2sv2-6snv-2bd3

vulnerability	VCID-4qm3-nbsk-73he

vulnerability	VCID-4yvc-uzev-wua4

vulnerability	VCID-5xez-skrj-b3h4

vulnerability	VCID-91b7-xx8t-rqhr

vulnerability	VCID-9x9w-2k98-wydm

vulnerability	VCID-a15m-bcma-vfa7

vulnerability	VCID-arjz-geyr-q7e3

vulnerability	VCID-bdar-wgfe-qqgf

vulnerability	VCID-ea13-mua4-1fb9

vulnerability	VCID-fw7k-88kf-1kgg

vulnerability	VCID-g7ju-q41v-wyhd

vulnerability	VCID-jj3a-fpsa-a7at

vulnerability	VCID-pegr-f5mh-ekdz

vulnerability	VCID-qyz5-zmnt-qucy

vulnerability	VCID-rwak-wvuw-qbcg

vulnerability	VCID-sf98-mryd-yfb3

vulnerability	VCID-sfzh-hn56-hbak

vulnerability	VCID-t9y5-hd9b-bkc4

vulnerability	VCID-vcz9-dvf4-47am

vulnerability	VCID-wzdf-d9fv-u3hh

vulnerability	VCID-x126-x9qm-e7d3

vulnerability	VCID-xkd6-jvma-skfk

vulnerability	VCID-y56y-5am7-wkhr

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3%3Farch=hum1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6438.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6438.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-6438

reference_id

reference_type

scores

value	0.01127
scoring_system	epss
scoring_elements	0.78237
published_at	2026-04-01T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78245
published_at	2026-04-02T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78276
published_at	2026-04-04T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78258
published_at	2026-04-07T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78284
published_at	2026-04-08T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.7829
published_at	2026-04-09T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78316
published_at	2026-04-11T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78298
published_at	2026-04-12T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78294
published_at	2026-04-13T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78323
published_at	2026-04-16T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78321
published_at	2026-04-18T12:55:00Z

value	0.01127
scoring_system	epss
scoring_elements	0.78317
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-6438

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-6438

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-6438

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1490845
reference_id	1490845
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1490845

reference_url	https://access.redhat.com/errata/RHSA-2026:7305
reference_id	RHSA-2026:7305
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7305

reference_url	https://access.redhat.com/errata/RHSA-2026:7307
reference_id	RHSA-2026:7307
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7307

reference_url	https://access.redhat.com/errata/RHSA-2026:8838
reference_id	RHSA-2026:8838
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8838

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arjz-geyr-q7e3

Vulnerability Instance