VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-up42-s1t8-eqa1

Essentials
Severities (29)
References (9)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-up42-s1t8-eqa1
Aliases	CVE-2020-8151 GHSA-46j2-xjgp-jrfm
Summary	Information disclosure issue in Active Resource There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-863	Incorrect Authorization
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
epss	0.00286	https://api.first.org/data/v1/epss?cve=CVE-2020-8151
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-46j2-xjgp-jrfm
cvssv3.1	7.5	https://github.com/rails/activeresource
generic_textual	HIGH	https://github.com/rails/activeresource
cvssv3.1	7.5	https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e
generic_textual	HIGH	https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e
cvssv3.1	7.5	https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc
generic_textual	HIGH	https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc
cvssv3	7.5	https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
cvssv3.1	7.5	https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
generic_textual	HIGH	https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2020-8151
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-8151

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2020-8151
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/rails/activeresource
		https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e
		https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc
		https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR
		https://nvd.nist.gov/vuln/detail/CVE-2020-8151
GHSA-46j2-xjgp-jrfm		https://github.com/advisories/GHSA-46j2-xjgp-jrfm

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rails/activeresource

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rails/activeresource/commit/0de18f7e96fa90bbf23b16ac11980bc2cb6a716e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/rails/rails/commit/0e969bdaf8ff2e3384350687aa0b583f94d6dfbc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://groups.google.com/forum/#!topic/rubyonrails-security/pktoF4VmiM8

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P7B7A4H22DZ522HLDS3JX3NX2CXIOZSR

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-8151

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.52006
EPSS Score	0.00286
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:00:33.447448+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-46j2-xjgp-jrfm/GHSA-46j2-xjgp-jrfm.json	38.0.0