VulnerableCode Vulnerability Details - VCID-2bpy-kbwe-zbg8

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2bpy-kbwe-zbg8

Essentials
Severities (2)
References (8)
Severity details (1)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2bpy-kbwe-zbg8
Aliases	CVE-2022-32224 GHSA-3hhc-qp5v-9p2j
Summary
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-502

Deserialization of Untrusted Data

System	Score	Found at
epss	0.01897	https://api.first.org/data/v1/epss?cve=CVE-2022-32224
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-32224
		https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017
		https://github.com/rails/rails/commit/611990f1a6c137c2d56b1ba06b27e5d2434dcd6a
		https://groups.google.com/g/rubyonrails-security/c/MmFO3LYQE8U
		https://lists.debian.org/debian-lts-announce/2026/05/msg00022.html
CVE-2022-32224		https://nvd.nist.gov/vuln/detail/CVE-2022-32224
CVE-2022-32224.YML		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2022-32224.yml
GHSA-3hhc-qp5v-9p2j		https://github.com/advisories/GHSA-3hhc-qp5v-9p2j

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.83537
EPSS Score	0.01897
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T22:19:03.231805+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	38.6.0